解读KOEI曹操传代码 - 设计与修改 - 轩辕春秋文化论坛 20周年


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#31

发表于 2007-12-30 21:26 资料个人空间短消息只看该作者

平均等级计算方法

局部变量:
内存48B350存放了出场人物的序号
局部变量里有一个数字数组:
EBP-10 到  EBP-1  (-10,-0F,-0E,-0D,-0C,-0B,-0A.-09.-08.-07,--06,-05,-04,-03,-02,)每个一个字节，放着出场人物的等级
-14    出场人物等级和
-18    循环计数器
-1C 我方出场人物个数
-20    循环计数器
-24    用于交换操作的临时变量
-28 我方出场人物个数友移动两位(0~3，4种可能值)
-2C Ecx值
0041885A  /$  55          PUSH EBP
0041885B  |.  8BEC       MOV EBP,ESP
0041885D  |.  83EC 2C    SUB ESP,2C
00418860  |.  894D D4    MOV DWORD PTR SS:[EBP-2C],ECX
00418863  |.  C745 EC 00000>MOV DWORD PTR SS:[EBP-14],0
0041886A  |.  C645 E4 00 MOV BYTE PTR SS:[EBP-1C],0
0041886E  |>  8B45 E4    /MOV EAX,DWORD PTR SS:[EBP-1C]
00418871  |.  25 FF000000 |AND EAX,0FF
00418876  |.  813C85 50B348>|CMP DWORD PTR DS:[EAX*4+48B350],0FFFF
00418881  |.  74 0B       |JE SHORT WaGan.0041888E
00418883  |.  8A4D E4    |MOV CL,BYTE PTR SS:[EBP-1C]
00418886  |.  80C1 01    |ADD CL,1
00418889  |.  884D E4    |MOV BYTE PTR SS:[EBP-1C],CL
0041888C  |.^ EB E0       \JMP SHORT WaGan.0041886E 统计我方出场人物个数

0041888E  |>  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
00418891  |.  25 FF000000 AND EAX,0FF
00418896  |.  99          CDQ
00418897  |.  83E2 03    AND EDX,3
0041889A  |.  03C2       ADD EAX,EDX
0041889C  |.  C1F8 02    SAR EAX,2
0041889F  |.  8845 D8    MOV BYTE PTR SS:[EBP-28],AL
004188A2  |.  C645 E0 00 MOV BYTE PTR SS:[EBP-20],0
004188A6  |.  EB 09       JMP SHORT WaGan.004188B1

004188A8  |>  8A55 E0    /MOV DL,BYTE PTR SS:[EBP-20]
004188AB  |.  80C2 01    |ADD DL,1
004188AE  |.  8855 E0    |MOV BYTE PTR SS:[EBP-20],DL
004188B1  |>  8B45 E0       MOV EAX,DWORD PTR SS:[EBP-20]
004188B4  |.  25 FF000000 |AND EAX,0FF
004188B9  |.  8B4D E4    |MOV ECX,DWORD PTR SS:[EBP-1C]
004188BC  |.  81E1 FF000000 |AND ECX,0FF
004188C2  |.  3BC1       |CMP EAX,ECX
004188C4  |.  7D 2D       |JGE SHORT WaGan.004188F3
004188C6  |.  8B55 E0    |MOV EDX,DWORD PTR SS:[EBP-20]
004188C9  |.  81E2 FF000000 |AND EDX,0FF
004188CF  |.  8B0C95 50B348>|MOV ECX,DWORD PTR DS:[EDX*4+48B350]
004188D6  |.  6BC9 48    |IMUL ECX,ECX,48 data序号*0x48
004188D9  |.  81C1 0000D600 |ADD ECX,0D60000
004188DF  |.  E8 ECDCFEFF |CALL WaGan.004065D0 获取武将ecx的等级
004188E4  |.  8B4D E0    |MOV ECX,DWORD PTR SS:[EBP-20]
004188E7  |.  81E1 FF000000 |AND ECX,0FF
004188ED  |.  88440D F0    |MOV BYTE PTR SS:[EBP+ECX-10],AL 等级存放进数组
004188F1  |.^ EB B5       \JMP SHORT WaGan.004188A8

004188F3  |>  C645 E8 00 MOV BYTE PTR SS:[EBP-18],0
004188F7  |.  EB 09       JMP SHORT WaGan.00418902

004188F9  |>  8A55 E8    /MOV DL,BYTE PTR SS:[EBP-18]
004188FC  |.  80C2 01    |ADD DL,1
004188FF  |.  8855 E8    |MOV BYTE PTR SS:[EBP-18],DL
00418902  |>  8B45 E8       MOV EAX,DWORD PTR SS:[EBP-18]
00418905  |.  25 FF000000 |AND EAX,0FF
0041890A  |.  8B4D E4    |MOV ECX,DWORD PTR SS:[EBP-1C]
0041890D  |.  81E1 FF000000 |AND ECX,0FF
00418913  |.  3BC1       |CMP EAX,ECX
00418915  |.  0F8D 88000000 |JGE WaGan.004189A3
0041891B  |.  C645 E0 00 |MOV BYTE PTR SS:[EBP-20],0
0041891F  |.  EB 09       |JMP SHORT WaGan.0041892A

00418921  |>  8A55 E0    |/MOV DL,BYTE PTR SS:[EBP-20]
00418924  |.  80C2 01    ||ADD DL,1
00418927  |.  8855 E0    ||MOV BYTE PTR SS:[EBP-20],DL
0041892A  |>  8B45 E0    | MOV EAX,DWORD PTR SS:[EBP-20]
0041892D  |.  25 FF000000 ||AND EAX,0FF
00418932  |.  8B4D E4    ||MOV ECX,DWORD PTR SS:[EBP-1C]
00418935  |.  81E1 FF000000 ||AND ECX,0FF
0041893B  |.  83E9 01    ||SUB ECX,1
0041893E  |.  3BC1       ||CMP EAX,ECX
00418940  |.  7D 5C       ||JGE SHORT WaGan.0041899E
00418942  |.  8B55 E0    ||MOV EDX,DWORD PTR SS:[EBP-20]
00418945  |.  81E2 FF000000 ||AND EDX,0FF
0041894B  |.  33C0       ||XOR EAX,EAX
0041894D  |.  8A4415 F0    ||MOV AL,BYTE PTR SS:[EBP+EDX-10]    从数组里取出等级
00418951  |.  8B4D E0    ||MOV ECX,DWORD PTR SS:[EBP-20]
00418954  |.  81E1 FF000000 ||AND ECX,0FF
0041895A  |.  33D2       ||XOR EDX,EDX
0041895C  |.  8A540D F1    ||MOV DL,BYTE PTR SS:[EBP+ECX-F]
00418960  |.  3BC2       ||CMP EAX,EDX                      把数组里的第I项和第I-1项比较，若大于就跳转
00418962  |.  7D 38       ||JGE SHORT WaGan.0041899C
00418964  |.  8B45 E0    ||MOV EAX,DWORD PTR SS:[EBP-20]    i-1大于I，交换。
00418967  |.  25 FF000000 ||AND EAX,0FF
0041896C  |.  8A4C05 F0    ||MOV CL,BYTE PTR SS:[EBP+EAX-10]
00418970  |.  884D DC    ||MOV BYTE PTR SS:[EBP-24],CL
00418973  |.  8B55 E0    ||MOV EDX,DWORD PTR SS:[EBP-20]
00418976  |.  81E2 FF000000 ||AND EDX,0FF
0041897C  |.  8B45 E0    ||MOV EAX,DWORD PTR SS:[EBP-20]
0041897F  |.  25 FF000000 ||AND EAX,0FF
00418984  |.  8A4C15 F1    ||MOV CL,BYTE PTR SS:[EBP+EDX-F]
00418988  |.  884C05 F0    ||MOV BYTE PTR SS:[EBP+EAX-10],CL
0041898C  |.  8B55 E0    ||MOV EDX,DWORD PTR SS:[EBP-20]
0041898F  |.  81E2 FF000000 ||AND EDX,0FF
00418995  |.  8A45 DC    ||MOV AL,BYTE PTR SS:[EBP-24]
00418998  |.  884415 F1    ||MOV BYTE PTR SS:[EBP+EDX-F],AL
0041899C  |>^ EB 83       |\JMP SHORT WaGan.00418921
0041899E  |>^ E9 56FFFFFF \JMP WaGan.004188F9

004189A3  |>  8A4D D8    MOV CL,BYTE PTR SS:[EBP-28]
004189A6  |.  884D E0    MOV BYTE PTR SS:[EBP-20],CL
004189A9  |.  EB 09       JMP SHORT WaGan.004189B4

004189AB  |>  8A55 E0    /MOV DL,BYTE PTR SS:[EBP-20]
004189AE  |.  80C2 01    |ADD DL,1
004189B1  |.  8855 E0    |MOV BYTE PTR SS:[EBP-20],DL
004189B4  |>  8B45 E0       MOV EAX,DWORD PTR SS:[EBP-20]
004189B7  |.  25 FF000000 |AND EAX,0FF
004189BC  |.  8B4D E4    |MOV ECX,DWORD PTR SS:[EBP-1C]
004189BF  |.  81E1 FF000000 |AND ECX,0FF
004189C5  |.  8B55 D8    |MOV EDX,DWORD PTR SS:[EBP-28]
004189C8  |.  81E2 FF000000 |AND EDX,0FF
004189CE  |.  2BCA       |SUB ECX,EDX 人数减去-人数/4的值，
004189D0  |.  3BC1       |CMP EAX,ECX
004189D2  |.  7D 18       |JGE SHORT WaGan.004189EC
004189D4  |.  8B45 E0    |MOV EAX,DWORD PTR SS:[EBP-20]
004189D7  |.  25 FF000000 |AND EAX,0FF
004189DC  |.  33C9       |XOR ECX,ECX
004189DE  |.  8A4C05 F0    |MOV CL,BYTE PTR SS:[EBP+EAX-10]
004189E2  |.  8B55 EC    |MOV EDX,DWORD PTR SS:[EBP-14]
004189E5  |.  03D1       |ADD EDX,ECX
004189E7  |.  8955 EC    |MOV DWORD PTR SS:[EBP-14],EDX    累加等级和
004189EA  |.^ EB BF       \JMP SHORT WaGan.004189AB

004189EC  |>  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
004189EF  |.  81E1 FF000000 AND ECX,0FF
004189F5  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]
004189F8  |.  81E2 FF000000 AND EDX,0FF
004189FE  |.  D1E2       SHL EDX,1
00418A00  |.  2BCA       SUB ECX,EDX
00418A02  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
00418A05  |.  33D2       XOR EDX,EDX
00418A07  |.  F7F1       DIV ECX
00418A09  |.  8BE5       MOV ESP,EBP
00418A0B  |.  5D          POP EBP
00418A0C  \.  C3          RETN

曹操传
int average(Battle *bat)
{
int sum=0;
int i=0,j=0;
int totalNum=0;
int temp=0;
int level[15];
Battle *battle=bat;
int num=0;

//统计上场人数
while((battle+totalNum)->man!=-1)
{
totalNum++;
}

num= totalNum/4;

//将上场人物的等级全部存放进数组level
for(i=0;i<totalNum;i++)
{
level[15-i] = (battle+i)->level;
}

//进行选择排序
for (i=0;i<totalNum;i++)
{
for(j=0;i<totalNum-1;j++)
{
if (level[j]<level[j+1])
{
temp = level[j];
level[j]=level[j+1];
level[j+1]=temp;
}
}
}

//求和
for (i=num;i<totalNum-num;i++)
{
sum+=level[15-i];
}

//返回平均值
      return sum/(totalNum - 2*num);
}

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#32

发表于 2007-12-30 21:27 资料个人空间短消息只看该作者

每回合敌人阶段我军阶段地图文字显示分析

+10  1  /  0
+C 0  表示需要显示回合数       1  表示不需要显示回合数
+8 2    回合数
ECX= 4b3d08

-24  临时变量，控制循环

[EBP-10]  放着ClientRect

0044AC28  /$  55          PUSH EBP
0044AC29  |.  8BEC       MOV EBP,ESP
0044AC2B  |.  83EC 40    SUB ESP,40
0044AC2E  |.  894D C0    MOV DWORD PTR SS:[EBP-40],ECX
0044AC31  |.  B9 50424B00 MOV ECX,WaGan.004B4250
0044AC36  |.  E8 09B20000 CALL WaGan.00455E44             求 ECX+14 位置的值
0044AC3B  |.  99          CDQ
0044AC3C  |.  B9 30000000 MOV ECX,30
0044AC41  |.  F7F9       IDIV ECX
0044AC43  |.  8845 E4    MOV BYTE PTR SS:[EBP-1C],AL
0044AC46  |.  B9 50424B00 MOV ECX,WaGan.004B4250
0044AC4B  |.  E8 1BB20000 CALL WaGan.00455E6B          求 ECX+18 位置的值
0044AC50  |.  99          CDQ
0044AC51  |.  B9 30000000 MOV ECX,30
0044AC56  |.  F7F9       IDIV ECX
0044AC58  |.  8845 E0    MOV BYTE PTR SS:[EBP-20],AL
0044AC5B  |.  C745 E8 54E14>MOV DWORD PTR SS:[EBP-18],WaGan.0048E154       我军阶段
0044AC62  |.  C745 EC 60E14>MOV DWORD PTR SS:[EBP-14],WaGan.0048E160    敌军阶段
0044AC69  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]
0044AC6C  |.  F7DA       NEG EDX
0044AC6E  |.  1BD2       SBB EDX,EDX
0044AC70  |.  83E2 12    AND EDX,12
0044AC73  |.  83C2 2D    ADD EDX,2D
0044AC76  |.  52          PUSH EDX                                     ; /Arg1
0044AC77  |.  B9 50424B00 MOV ECX,WaGan.004B4250                      ; |
0044AC7C  |.  E8 69700000 CALL WaGan.00451CEA                         ; \WaGan.00451CEA
0044AC81  |.  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0044AC85  |.  74 46       JE SHORT WaGan.0044ACCD
0044AC87  |.  8A45 E4    MOV AL,BYTE PTR SS:[EBP-1C]
0044AC8A  |.  8845 DC    MOV BYTE PTR SS:[EBP-24],AL
0044AC8D  |.  EB 09       JMP SHORT WaGan.0044AC98
0044AC8F  |>  8A4D DC    /MOV CL,BYTE PTR SS:[EBP-24]       从右到左
0044AC92  |.  80E9 01    |SUB CL,1
0044AC95  |.  884D DC    |MOV BYTE PTR SS:[EBP-24],CL
0044AC98  |>  8B55 DC       MOV EDX,DWORD PTR SS:[EBP-24]
0044AC9B  |.  81E2 FF000000 |AND EDX,0FF
0044ACA1  |.  85D2       |TEST EDX,EDX
0044ACA3  |.  7E 26       |JLE SHORT WaGan.0044ACCB
0044ACA5  |.  E8 1A3E0300 |CALL WaGan.0047EAC4
0044ACAA  |.  8A45 E0    |MOV AL,BYTE PTR SS:[EBP-20]
0044ACAD  |.  50          |PUSH EAX                                  ; /Arg4
0044ACAE  |.  6A 01       |PUSH 1                                     ; |Arg3 = 00000001
0044ACB0  |.  6A 00       |PUSH 0                                     ; |Arg2 = 00000000
0044ACB2  |.  8B4D DC    |MOV ECX,DWORD PTR SS:[EBP-24]             ; |
0044ACB5  |.  81E1 FF000000 |AND ECX,0FF                               ; |
0044ACBB  |.  83E9 01    |SUB ECX,1                                  ; |
0044ACBE  |.  51          |PUSH ECX                                  ; |Arg1
0044ACBF  |.  B9 50424B00 |MOV ECX,WaGan.004B4250                      ; |
0044ACC4  |.  E8 7F8E0000 |CALL WaGan.00453B48                         ; \WaGan.00453B48
0044ACC9  |.^ EB C4       \JMP SHORT WaGan.0044AC8F
0044ACCB  |>  EB 41       JMP SHORT WaGan.0044AD0E
0044ACCD  |>  C645 DC 00 MOV BYTE PTR SS:[EBP-24],0
0044ACD1  |.  EB 09       JMP SHORT WaGan.0044ACDC
0044ACD3  |>  8A55 DC    /MOV DL,BYTE PTR SS:[EBP-24]       从左到右
0044ACD6  |.  80C2 01    |ADD DL,1
0044ACD9  |.  8855 DC    |MOV BYTE PTR SS:[EBP-24],DL
0044ACDC  |>  8B45 DC       MOV EAX,DWORD PTR SS:[EBP-24]
0044ACDF  |.  25 FF000000 |AND EAX,0FF
0044ACE4  |.  8B4D E4    |MOV ECX,DWORD PTR SS:[EBP-1C]
0044ACE7  |.  81E1 FF000000 |AND ECX,0FF
0044ACED  |.  3BC1       |CMP EAX,ECX
0044ACEF  |.  7D 1D       |JGE SHORT WaGan.0044AD0E
0044ACF1  |.  E8 CE3D0300 |CALL WaGan.0047EAC4
0044ACF6  |.  8A55 E0    |MOV DL,BYTE PTR SS:[EBP-20]
0044ACF9  |.  52          |PUSH EDX                                  ; /Arg4
0044ACFA  |.  6A 01       |PUSH 1                                     ; |Arg3 = 00000001
0044ACFC  |.  6A 00       |PUSH 0                                     ; |Arg2 = 00000000
0044ACFE  |.  8A45 DC    |MOV AL,BYTE PTR SS:[EBP-24]                ; |
0044AD01  |.  50          |PUSH EAX                                  ; |Arg1
0044AD02  |.  B9 50424B00 |MOV ECX,WaGan.004B4250                      ; |
0044AD07  |.  E8 3C8E0000 |CALL WaGan.00453B48                         ; \WaGan.00453B48
0044AD0C  |.^ EB C5       \JMP SHORT WaGan.0044ACD3
0044AD0E  |>  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
0044AD11  |.  81E1 FF000000 AND ECX,0FF
0044AD17  |.  6BC9 30    IMUL ECX,ECX,30
0044AD1A  |.  81F9 C0030000 CMP ECX,3C0             960
0044AD20  |.  7C 10       JL SHORT WaGan.0044AD32
0044AD22  |.  C745 D8 40000>MOV DWORD PTR SS:[EBP-28],40
0044AD29  |.  C745 C4 02000>MOV DWORD PTR SS:[EBP-3C],2
0044AD30  |.  EB 32       JMP SHORT WaGan.0044AD64
0044AD32  |>  8B55 E4    MOV EDX,DWORD PTR SS:[EBP-1C]
0044AD35  |.  81E2 FF000000 AND EDX,0FF
0044AD3B  |.  6BD2 30    IMUL EDX,EDX,30
0044AD3E  |.  81FA D0020000 CMP EDX,2D0                720
0044AD44  |.  7C 10       JL SHORT WaGan.0044AD56
0044AD46  |.  C745 D8 40000>MOV DWORD PTR SS:[EBP-28],40
0044AD4D  |.  C745 C4 02000>MOV DWORD PTR SS:[EBP-3C],2
0044AD54  |.  EB 0E       JMP SHORT WaGan.0044AD64
0044AD56  |>  C745 D8 30000>MOV DWORD PTR SS:[EBP-28],30
0044AD5D  |.  C745 C4 01000>MOV DWORD PTR SS:[EBP-3C],1
0044AD64  |>  8D45 F0    LEA EAX,DWORD PTR SS:[EBP-10]
0044AD67  |.  50          PUSH EAX                                     ; /pRect
0044AD68  |.  8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68]                ; |
0044AD6E  |.  51          PUSH ECX                                     ; |hWnd => 001403A2 ('瓦岗山异闻录',class='{60CD5C01-B3F3-4e4a-B0E9-6D71...')
0044AD6F  |.  FF15 EC624800 CALL DWORD PTR DS:[<&USER32.GetClientRect>] ; \GetClientRect
0044AD75  |.  E8 6138FDFF CALL WaGan.0041E5DB
0044AD7A  |.  6A 01       PUSH 1
0044AD7C  |.  33D2       XOR EDX,EDX
0044AD7E  |.  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0044AD82  |.  0F95C2       SETNE DL
0044AD85  |.  8B4495 E8    MOV EAX,DWORD PTR SS:[EBP+EDX*4-18]    --》文字
0044AD89  |.  50          PUSH EAX
0044AD8A  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]
0044AD8D  |.  F7D9       NEG ECX
0044AD8F  |.  1BC9       SBB ECX,ECX
0044AD91  |.  83E1 10    AND ECX,10
0044AD94  |.  83C1 2A    ADD ECX,2A
0044AD97  |.  51          PUSH ECX
0044AD98  |.  6A 02       PUSH 2
0044AD9A  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]
0044AD9D  |.  52          PUSH EDX
0044AD9E  |.  83EC 10    SUB ESP,10
0044ADA1  |.  8BC4       MOV EAX,ESP                                  ; |
0044ADA3  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]                ; |
0044ADA6  |.  8908       MOV DWORD PTR DS:[EAX],ECX                   ; |
0044ADA8  |.  8B55 F4    MOV EDX,DWORD PTR SS:[EBP-C]                ; |
0044ADAB  |.  8950 04    MOV DWORD PTR DS:[EAX+4],EDX                ; |
0044ADAE  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]                ; |
0044ADB1  |.  8948 08    MOV DWORD PTR DS:[EAX+8],ECX                ; |
0044ADB4  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]                ; |
0044ADB7  |.  8950 0C    MOV DWORD PTR DS:[EAX+C],EDX                ; |
0044ADBA  |.  E8 393FFDFF CALL WaGan.0041ECF8                         ; \WaGan.0041ECF8
0044ADBF  |.  83C4 24    ADD ESP,24
0044ADC2  |.  6A 01       PUSH 1
0044ADC4  |.  33C0       XOR EAX,EAX
0044ADC6  |.  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0044ADCA  |.  0F95C0       SETNE AL
0044ADCD  |.  8B4C85 E8    MOV ECX,DWORD PTR SS:[EBP+EAX*4-18]          文字
0044ADD1  |.  51          PUSH ECX
0044ADD2  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]
0044ADD5  |.  F7DA       NEG EDX
0044ADD7  |.  1BD2       SBB EDX,EDX
0044ADD9  |.  83E2 11    AND EDX,11
0044ADDC  |.  83C2 24    ADD EDX,24
0044ADDF  |.  52          PUSH EDX
0044ADE0  |.  6A 01       PUSH 1
0044ADE2  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]
0044ADE5  |.  50          PUSH EAX
0044ADE6  |.  83EC 10    SUB ESP,10
0044ADE9  |.  8BCC       MOV ECX,ESP                                  ; |
0044ADEB  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]                ; |
0044ADEE  |.  8911       MOV DWORD PTR DS:[ECX],EDX                   ; |
0044ADF0  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]                ; |
0044ADF3  |.  8941 04    MOV DWORD PTR DS:[ECX+4],EAX                ; |
0044ADF6  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]                ; |
0044ADF9  |.  8951 08    MOV DWORD PTR DS:[ECX+8],EDX                ; |
0044ADFC  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]                ; |
0044ADFF  |.  8941 0C    MOV DWORD PTR DS:[ECX+C],EAX                ; |
0044AE02  |.  E8 F13EFDFF CALL WaGan.0041ECF8                         ; \WaGan.0041ECF8
0044AE07  |.  83C4 24    ADD ESP,24
0044AE0A  |.  6A 00       PUSH 0                                     ; /Arg3 = 00000000
0044AE0C  |.  6A 12       PUSH 12                                     ; |Arg2 = 00000012
0044AE0E  |.  6A 04       PUSH 4                                     ; |Arg1 = 00000004
0044AE10  |.  E8 24240300 CALL WaGan.0047D239                         ; \WaGan.0047D239
0044AE15  |.  83C4 0C    ADD ESP,0C
0044AE18  |.  6A 00       PUSH 0                                     ; /Arg7 = 00000000
0044AE1A  |.  6A 00       PUSH 0                                     ; |Arg6 = 00000000
0044AE1C  |.  6A 01       PUSH 1                                     ; |Arg5 = 00000001
0044AE1E  |.  33C9       XOR ECX,ECX                                  ; |
0044AE20  |.  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0                   ; |
0044AE24  |.  0F95C1       SETNE CL                                     ; |
0044AE27  |.  8B548D E8    MOV EDX,DWORD PTR SS:[EBP+ECX*4-18]          ; |          文字内容
0044AE2B  |.  52          PUSH EDX                                     ; |Arg4
0044AE2C  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]                ; |
0044AE2F  |.  50          PUSH EAX                                     ; |Arg3
0044AE30  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]                ; |
0044AE33  |.  99          CDQ                                        ; |
0044AE34  |.  2BC2       SUB EAX,EDX                                  ; |
0044AE36  |.  D1F8       SAR EAX,1                                  ; |
0044AE38  |.  50          PUSH EAX                                     ; |Arg2
0044AE39  |.  8D4D F0    LEA ECX,DWORD PTR SS:[EBP-10]                ; |
0044AE3C  |.  51          PUSH ECX                                     ; |Arg1
0044AE3D  |.  E8 723BFDFF CALL WaGan.0041E9B4                         ; \WaGan.0041E9B4
0044AE42  |.  83C4 1C    ADD ESP,1C
0044AE45  |.  E8 AC37FDFF CALL WaGan.0041E5F6                      文字显示
0044AE4A  |.  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0044AE4E  |.  0F85 01010000 JNZ WaGan.0044AF55 不需要显示回合数的跳转
0044AE54  |.  6A 0A       PUSH 0A                                     ; /Arg1 = 0000000A
0044AE56  |.  B9 181B4B00 MOV ECX,WaGan.004B1B18                      ; |
0044AE5B  |.  E8 E084FBFF CALL WaGan.00403340                         ; \WaGan.00403340
0044AE60  |.  E8 7B16FEFF CALL WaGan.0042C4E0
0044AE65  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]
0044AE68  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
0044AE6B  |.  8D4C50 10    LEA ECX,DWORD PTR DS:[EAX+EDX*2+10]
0044AE6F  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
0044AE72  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
0044AE75  |.  81E2 FF000000 AND EDX,0FF
0044AE7B  |.  8B45 C0    MOV EAX,DWORD PTR SS:[EBP-40]
0044AE7E  |.  33C9       XOR ECX,ECX
0044AE80  |.  8A48 03    MOV CL,BYTE PTR DS:[EAX+3]
0044AE83  |.  3BD1       CMP EDX,ECX
0044AE85  |.  7C 14       JL SHORT WaGan.0044AE9B
0044AE87  |.  68 6CE14800 PUSH WaGan.0048E16C                         ; /Format = "最终回合"
0044AE8C  |.  8D55 C8    LEA EDX,DWORD PTR SS:[EBP-38]                ; |
0044AE8F  |.  52          PUSH EDX                                     ; |s
0044AE90  |.  FF15 C0624800 CALL DWORD PTR DS:[<&USER32.wsprintfA>]    ; \wsprintfA
0044AE96  |.  83C4 08    ADD ESP,8
0044AE99  |.  EB 1B       JMP SHORT WaGan.0044AEB6
0044AE9B  |>  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0044AE9E  |.  25 FF000000 AND EAX,0FF
0044AEA3  |.  50          PUSH EAX                                     ; /<%2u>
0044AEA4  |.  68 78E14800 PUSH WaGan.0048E178                         ; |Format = "第%2u回合"
0044AEA9  |.  8D4D C8    LEA ECX,DWORD PTR SS:[EBP-38]                ; |
0044AEAC  |.  51          PUSH ECX                                     ; |s
0044AEAD  |.  FF15 C0624800 CALL DWORD PTR DS:[<&USER32.wsprintfA>]    ; \wsprintfA
0044AEB3  |.  83C4 0C    ADD ESP,0C
0044AEB6  |>  E8 2037FDFF CALL WaGan.0041E5DB
0044AEBB  |.  6A 01       PUSH 1
0044AEBD  |.  8D55 C8    LEA EDX,DWORD PTR SS:[EBP-38]
0044AEC0  |.  52          PUSH EDX
0044AEC1  |.  6A 1F       PUSH 1F
0044AEC3  |.  6A 02       PUSH 2
0044AEC5  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]
0044AEC8  |.  50          PUSH EAX
0044AEC9  |.  83EC 10    SUB ESP,10
0044AECC  |.  8BCC       MOV ECX,ESP                                  ; |
0044AECE  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]                ; |
0044AED1  |.  8911       MOV DWORD PTR DS:[ECX],EDX                   ; |
0044AED3  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]                ; |
0044AED6  |.  8941 04    MOV DWORD PTR DS:[ECX+4],EAX                ; |
0044AED9  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]                ; |
0044AEDC  |.  8951 08    MOV DWORD PTR DS:[ECX+8],EDX                ; |
0044AEDF  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]                ; |
0044AEE2  |.  8941 0C    MOV DWORD PTR DS:[ECX+C],EAX                ; |
0044AEE5  |.  E8 0E3EFDFF CALL WaGan.0041ECF8                         ; \WaGan.0041ECF8
0044AEEA  |.  83C4 24    ADD ESP,24
0044AEED  |.  6A 01       PUSH 1
0044AEEF  |.  8D4D C8    LEA ECX,DWORD PTR SS:[EBP-38]
0044AEF2  |.  51          PUSH ECX
0044AEF3  |.  6A 18       PUSH 18
0044AEF5  |.  6A 01       PUSH 1
0044AEF7  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]
0044AEFA  |.  52          PUSH EDX
0044AEFB  |.  83EC 10    SUB ESP,10
0044AEFE  |.  8BC4       MOV EAX,ESP                                  ; |
0044AF00  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]                ; |
0044AF03  |.  8908       MOV DWORD PTR DS:[EAX],ECX                   ; |
0044AF05  |.  8B55 F4    MOV EDX,DWORD PTR SS:[EBP-C]                ; |
0044AF08  |.  8950 04    MOV DWORD PTR DS:[EAX+4],EDX                ; |
0044AF0B  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]                ; |
0044AF0E  |.  8948 08    MOV DWORD PTR DS:[EAX+8],ECX                ; |
0044AF11  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]                ; |
0044AF14  |.  8950 0C    MOV DWORD PTR DS:[EAX+C],EDX                ; |
0044AF17  |.  E8 DC3DFDFF CALL WaGan.0041ECF8                         ; \WaGan.0041ECF8
0044AF1C  |.  83C4 24    ADD ESP,24
0044AF1F  |.  6A 00       PUSH 0                                     ; /Arg3 = 00000000
0044AF21  |.  6A 12       PUSH 12                                     ; |Arg2 = 00000012
0044AF23  |.  6A 04       PUSH 4                                     ; |Arg1 = 00000004
0044AF25  |.  E8 0F230300 CALL WaGan.0047D239                         ; \WaGan.0047D239
0044AF2A  |.  83C4 0C    ADD ESP,0C
0044AF2D  |.  6A 00       PUSH 0                                     ; /Arg7 = 00000000
0044AF2F  |.  6A 00       PUSH 0                                     ; |Arg6 = 00000000
0044AF31  |.  6A 01       PUSH 1                                     ; |Arg5 = 00000001
0044AF33  |.  8D45 C8    LEA EAX,DWORD PTR SS:[EBP-38]                ; |
0044AF36  |.  50          PUSH EAX                                     ; |Arg4
0044AF37  |.  8B4D D8    MOV ECX,DWORD PTR SS:[EBP-28]                ; |
0044AF3A  |.  51          PUSH ECX                                     ; |Arg3
0044AF3B  |.  8B45 D8    MOV EAX,DWORD PTR SS:[EBP-28]                ; |
0044AF3E  |.  99          CDQ                                        ; |
0044AF3F  |.  2BC2       SUB EAX,EDX                                  ; |
0044AF41  |.  D1F8       SAR EAX,1                                  ; |
0044AF43  |.  50          PUSH EAX                                     ; |Arg2
0044AF44  |.  8D55 F0    LEA EDX,DWORD PTR SS:[EBP-10]                ; |
0044AF47  |.  52          PUSH EDX                                     ; |Arg1
0044AF48  |.  E8 673AFDFF CALL WaGan.0041E9B4                         ; \WaGan.0041E9B4
0044AF4D  |.  83C4 1C    ADD ESP,1C
0044AF50  |.  E8 A136FDFF CALL WaGan.0041E5F6
0044AF55  |>  6A 14       PUSH 14                                     ; /Arg1 = 00000014
0044AF57  |.  B9 181B4B00 MOV ECX,WaGan.004B1B18                      ; |
0044AF5C  |.  E8 DF83FBFF CALL WaGan.00403340                         ; \WaGan.00403340
0044AF61  |.  E8 7A15FEFF CALL WaGan.0042C4E0
0044AF66  |.  837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0044AF6A  |.  75 37       JNZ SHORT WaGan.0044AFA3
0044AF6C  |.  C645 DC 00 MOV BYTE PTR SS:[EBP-24],0
0044AF70  |.  EB 08       JMP SHORT WaGan.0044AF7A
0044AF72  |>  8A45 DC    /MOV AL,BYTE PTR SS:[EBP-24]
0044AF75  |.  04 01       |ADD AL,1
0044AF77  |.  8845 DC    |MOV BYTE PTR SS:[EBP-24],AL
0044AF7A  |>  8B4D DC       MOV ECX,DWORD PTR SS:[EBP-24]
0044AF7D  |.  81E1 FF000000 |AND ECX,0FF
0044AF83  |.  83F9 73    |CMP ECX,73
0044AF86  |.  7D 1B       |JGE SHORT WaGan.0044AFA3
0044AF88  |.  6A 06       |PUSH 6                                     ; /Arg1 = 00000006
0044AF8A  |.  8B4D DC    |MOV ECX,DWORD PTR SS:[EBP-24]             ; |
0044AF8D  |.  81E1 FF000000 |AND ECX,0FF                               ; |
0044AF93  |.  6BC9 24    |IMUL ECX,ECX,24                            ; |
0044AF96  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50                      ; |
0044AF9C  |.  E8 EFB6FBFF |CALL WaGan.00406690                      ; \WaGan.00406690 恢复武将ecx行动
0044AFA1  |.^ EB CF       \JMP SHORT WaGan.0044AF72
0044AFA3  |>  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]
0044AFA6  |.  E8 DFF8FFFF CALL WaGan.0044A88A
0044AFAB  |.  B9 50424B00 MOV ECX,WaGan.004B4250
0044AFB0  |.  E8 F66D0000 CALL WaGan.00451DAB
文字显示完后的黑屏回退
0044AFB5  |.  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0044AFB9  |.  74 44       JE SHORT WaGan.0044AFFF
0044AFBB  |.  8A55 E4    MOV DL,BYTE PTR SS:[EBP-1C]
0044AFBE  |.  8855 DC    MOV BYTE PTR SS:[EBP-24],DL
0044AFC1  |.  EB 08       JMP SHORT WaGan.0044AFCB
0044AFC3  |>  8A45 DC    /MOV AL,BYTE PTR SS:[EBP-24]
0044AFC6  |.  2C 01       |SUB AL,1
0044AFC8  |.  8845 DC    |MOV BYTE PTR SS:[EBP-24],AL
0044AFCB  |>  8B4D DC       MOV ECX,DWORD PTR SS:[EBP-24]
0044AFCE  |.  81E1 FF000000 |AND ECX,0FF
0044AFD4  |.  85C9       |TEST ECX,ECX
0044AFD6  |.  7E 25       |JLE SHORT WaGan.0044AFFD
0044AFD8  |.  E8 E73A0300 |CALL WaGan.0047EAC4
0044AFDD  |.  8A55 E0    |MOV DL,BYTE PTR SS:[EBP-20]
0044AFE0  |.  52          |PUSH EDX                                  ; /Arg4
0044AFE1  |.  6A 01       |PUSH 1                                     ; |Arg3 = 00000001
0044AFE3  |.  6A 00       |PUSH 0                                     ; |Arg2 = 00000000
0044AFE5  |.  8B45 DC    |MOV EAX,DWORD PTR SS:[EBP-24]             ; |
0044AFE8  |.  25 FF000000 |AND EAX,0FF                               ; |
0044AFED  |.  83E8 01    |SUB EAX,1                                  ; |
0044AFF0  |.  50          |PUSH EAX                                  ; |Arg1
0044AFF1  |.  B9 50424B00 |MOV ECX,WaGan.004B4250                      ; |
0044AFF6  |.  E8 4D8B0000 |CALL WaGan.00453B48                         ; \WaGan.00453B48
0044AFFB  |.^ EB C6       \JMP SHORT WaGan.0044AFC3
0044AFFD  |>  EB 41       JMP SHORT WaGan.0044B040
0044AFFF  |>  C645 DC 00 MOV BYTE PTR SS:[EBP-24],0
0044B003  |.  EB 09       JMP SHORT WaGan.0044B00E
0044B005  |>  8A4D DC    /MOV CL,BYTE PTR SS:[EBP-24]
0044B008  |.  80C1 01    |ADD CL,1
0044B00B  |.  884D DC    |MOV BYTE PTR SS:[EBP-24],CL
0044B00E  |>  8B55 DC       MOV EDX,DWORD PTR SS:[EBP-24]
0044B011  |.  81E2 FF000000 |AND EDX,0FF
0044B017  |.  8B45 E4    |MOV EAX,DWORD PTR SS:[EBP-1C]
0044B01A  |.  25 FF000000 |AND EAX,0FF
0044B01F  |.  3BD0       |CMP EDX,EAX
0044B021  |.  7D 1D       |JGE SHORT WaGan.0044B040
0044B023  |.  E8 9C3A0300 |CALL WaGan.0047EAC4
0044B028  |.  8A4D E0    |MOV CL,BYTE PTR SS:[EBP-20]
0044B02B  |.  51          |PUSH ECX                                  ; /Arg4
0044B02C  |.  6A 01       |PUSH 1                                     ; |Arg3 = 00000001
0044B02E  |.  6A 00       |PUSH 0                                     ; |Arg2 = 00000000
0044B030  |.  8A55 DC    |MOV DL,BYTE PTR SS:[EBP-24]                ; |
0044B033  |.  52          |PUSH EDX                                  ; |Arg1
0044B034  |.  B9 50424B00 |MOV ECX,WaGan.004B4250                      ; |
0044B039  |.  E8 0A8B0000 |CALL WaGan.00453B48                         ; \WaGan.00453B48
0044B03E  |.^ EB C5       \JMP SHORT WaGan.0044B005
0044B040  |>  8BE5       MOV ESP,EBP
0044B042  |.  5D          POP EBP
0044B043  \.  C2 0C00    RETN 0C

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#33

发表于 2007-12-30 21:28 资料个人空间短消息只看该作者

绝招的修改办法(也是新添加的功能原来sousou没有)

修改关键：

第一是：菜单始化的定义对话框初始化代码  ，图标显示代码

第二是：绑定消息对应宏消息绑定代码

第三是：消息响应代码    消息响应代码

0045BCC8 .  9FBC4500    DD WaGan.0045BC9F          3—50A就是绝招  这个就定义为5吧
0043E17B  |.  837D D0 03 |CMP DWORD PTR SS:[EBP-30],3                   增加一个消息响应了。
0043E17F  |.  77 32       |JA SHORT WaGan.0043E1B3 跳转到要相应的地方

鼠标单击产生的响应函数
0043DDE3  /$  55          PUSH EBP
0043DDE4  |.  8BEC       MOV EBP,ESP
0043DDE6  |.  83EC 34    SUB ESP,34
0043DDE9  |.  53          PUSH EBX
0043DDEA  |.  894D D4    MOV DWORD PTR SS:[EBP-2C],ECX
0043DDED  |.  8B45 D4    MOV EAX,DWORD PTR SS:[EBP-2C]
0043DDF0  |.  66:8B48 06 MOV CX,WORD PTR DS:[EAX+6]
0043DDF4  |.  66:894D F8 MOV WORD PTR SS:[EBP-8],CX
0043DDF8  |.  8B55 D4    MOV EDX,DWORD PTR SS:[EBP-2C]
0043DDFB  |.  33C0       XOR EAX,EAX
0043DDFD  |.  8A42 0F    MOV AL,BYTE PTR DS:[EDX+F]
0043DE00  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0043DE03  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043DE06  |.  E8 6501FEFF CALL WaGan.0041DF70
0043DE0B  |.  8845 EC    MOV BYTE PTR SS:[EBP-14],AL
0043DE0E  |.  C745 E8 00000>MOV DWORD PTR SS:[EBP-18],0
0043DE15  |.  C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
0043DE19  |.  C645 E4 00 MOV BYTE PTR SS:[EBP-1C],0
0043DE1D  |.  B9 50424B00 MOV ECX,WaGan.004B4250
0043DE22  |.  E8 0B600100 CALL WaGan.00453E32
0043DE27  |.  8B0D 08754B00 MOV ECX,DWORD PTR DS:[4B7508]
0043DE2D  |.  51          PUSH ECX                                     ; /hWnd => NULL
0043DE2E  |.  FF15 C8624800 CALL DWORD PTR DS:[<&USER32.IsWindowVisible>] ; \IsWindowVisible
0043DE34  |.  85C0       TEST EAX,EAX
0043DE36  |.  74 11       JE SHORT WaGan.0043DE49
0043DE38  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043DE3B  |.  E8 30180200 CALL WaGan.0045F670
0043DE40  |.  50          PUSH EAX                                     ; /Arg1
0043DE41  |.  E8 4FB90300 CALL WaGan.00479795                            ; \WaGan.00479795
0043DE46  |.  83C4 04    ADD ESP,4
0043DE49  |>  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043DE4C  |.  E8 E7F6FFFF CALL WaGan.0043D538
0043DE51  |.  85C0       TEST EAX,EAX
0043DE53  |.  75 07       JNZ SHORT WaGan.0043DE5C
0043DE55  |.  33C0       XOR EAX,EAX
0043DE57  |.  E9 02040000 JMP WaGan.0043E25E
0043DE5C  |>  8B55 D4    MOV EDX,DWORD PTR SS:[EBP-2C]
0043DE5F  |.  8B02       MOV EAX,DWORD PTR DS:[EDX]
0043DE61  |.  50          PUSH EAX                                     ; /Arg1
0043DE62  |.  B9 F05D4B00 MOV ECX,WaGan.004B5DF0                         ; |
0043DE67  |.  E8 E4170200 CALL WaGan.0045F650                            ; \WaGan.0045F650
0043DE6C  |.  B9 083D4B00 MOV ECX,WaGan.004B3D08
0043DE71  |.  E8 14CA0000 CALL WaGan.0044A88A
0043DE76  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043DE79  |.  8A51 07    MOV DL,BYTE PTR DS:[ECX+7]
0043DE7C  |.  52          PUSH EDX                                     ; /Arg2
0043DE7D  |.  8B45 D4    MOV EAX,DWORD PTR SS:[EBP-2C]                ; |
0043DE80  |.  8A48 06    MOV CL,BYTE PTR DS:[EAX+6]                   ; |
0043DE83  |.  51          PUSH ECX                                     ; |Arg1
0043DE84  |.  B9 985E4B00 MOV ECX,WaGan.004B5E98                         ; |
0043DE89  |.  E8 12DD0100 CALL WaGan.0045BBA0                            ; \WaGan.0045BBA0
0043DE8E  |.  6A 00       PUSH 0
0043DE90  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043DE93  |.  E8 261A0000 CALL WaGan.0043F8BE
0043DE98  |.  50          PUSH EAX                                     ; |Arg2
0043DE99  |.  8B55 D4    MOV EDX,DWORD PTR SS:[EBP-2C]                ; |
0043DE9C  |.  8A42 04    MOV AL,BYTE PTR DS:[EDX+4]                   ; |
0043DE9F  |.  50          PUSH EAX                                     ; |Arg1
0043DEA0  |.  E8 CE030000 CALL WaGan.0043E273                            ; \WaGan.0043E273
0043DEA5  |.  83C4 0C    ADD ESP,0C
0043DEA8  |.  25 FF000000 AND EAX,0FF
0043DEAD  |.  85C0       TEST EAX,EAX
0043DEAF  |.  74 0C       JE SHORT WaGan.0043DEBD
0043DEB1  |.  6A 01       PUSH 1                                        ; /Arg1 = 00000001
0043DEB3  |.  B9 985E4B00 MOV ECX,WaGan.004B5E98                         ; |
0043DEB8  |.  E8 83050000 CALL WaGan.0043E440                            ; \WaGan.0043E440
0043DEBD  |>  6A 33       PUSH 33                                        ; /Arg1 = 00000033
0043DEBF  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]                ; |
0043DEC2  |.  8B09       MOV ECX,DWORD PTR DS:[ECX]                   ; |
0043DEC4  |.  6BC9 48    IMUL ECX,ECX,48                               ; |
0043DEC7  |.  81C1 0000D600 ADD ECX,0D60000                               ; |
0043DECD  |.  E8 379BFCFF CALL WaGan.00407A09                            ; \WaGan.00407A09
0043DED2  |.  85C0       TEST EAX,EAX
0043DED4  |.  0F84 61010000 JE WaGan.0043E03B
0043DEDA  |.  8D4D E0    LEA ECX,DWORD PTR SS:[EBP-20]
0043DEDD  |.  E8 2E180200 CALL WaGan.0045F710
0043DEE2  |.  C645 D8 00 MOV BYTE PTR SS:[EBP-28],0
0043DEE6  |.  EB 09       JMP SHORT WaGan.0043DEF1
0043DEE8  |>  8A55 D8    /MOV DL,BYTE PTR SS:[EBP-28]
0043DEEB  |.  80C2 01    |ADD DL,1
0043DEEE  |.  8855 D8    |MOV BYTE PTR SS:[EBP-28],DL
0043DEF1  |>  8B45 D8       MOV EAX,DWORD PTR SS:[EBP-28]
0043DEF4  |.  25 FF000000 |AND EAX,0FF
0043DEF9  |.  83F8 04    |CMP EAX,4
0043DEFC  |.  0F8D 39010000 |JGE WaGan.0043E03B
0043DF02  |.  837D E8 00 |CMP DWORD PTR SS:[EBP-18],0
0043DF06  |.  0F85 2F010000 |JNZ WaGan.0043E03B
0043DF0C  |.  8A4D D8    |MOV CL,BYTE PTR SS:[EBP-28]
0043DF0F  |.  51          |PUSH ECX                                     ; /Arg2
0043DF10  |.  8B55 D4    |MOV EDX,DWORD PTR SS:[EBP-2C]                ; |
0043DF13  |.  83C2 06    |ADD EDX,6                                     ; |
0043DF16  |.  52          |PUSH EDX                                     ; |Arg1
0043DF17  |.  E8 D97AFFFF |CALL WaGan.004359F5                         ; \WaGan.004359F5
0043DF1C  |.  83C4 08    |ADD ESP,8
0043DF1F  |.  50          |PUSH EAX                                     ; /Arg1
0043DF20  |.  8D4D E0    |LEA ECX,DWORD PTR SS:[EBP-20]                ; |
0043DF23  |.  E8 7886FCFF |CALL WaGan.004065A0                         ; \WaGan.004065A0
0043DF28  |.  8B45 E0    |MOV EAX,DWORD PTR SS:[EBP-20]
0043DF2B  |.  25 FF000000 |AND EAX,0FF
0043DF30  |.  3D FF000000 |CMP EAX,0FF
0043DF35  |.  0F84 FB000000 |JE WaGan.0043E036
0043DF3B  |.  8D4D E0    |LEA ECX,DWORD PTR SS:[EBP-20]
0043DF3E  |.  51          |PUSH ECX                                     ; /Arg1
0043DF3F  |.  E8 4079FFFF |CALL WaGan.00435884                         ; \WaGan.00435884
0043DF44  |.  83C4 04    |ADD ESP,4
0043DF47  |.  8845 DC    |MOV BYTE PTR SS:[EBP-24],AL
0043DF4A  |.  8B55 DC    |MOV EDX,DWORD PTR SS:[EBP-24]
0043DF4D  |.  81E2 FF000000 |AND EDX,0FF
0043DF53  |.  81FA FF000000 |CMP EDX,0FF
0043DF59  |.  0F84 D7000000 |JE WaGan.0043E036
0043DF5F  |.  C645 F0 00 |MOV BYTE PTR SS:[EBP-10],0
0043DF63  |.  EB 08       |JMP SHORT WaGan.0043DF6D
0043DF65  |>  8A45 F0    |/MOV AL,BYTE PTR SS:[EBP-10]
0043DF68  |.  04 01       ||ADD AL,1
0043DF6A  |.  8845 F0    ||MOV BYTE PTR SS:[EBP-10],AL
0043DF6D  |>  8B4D F0    | MOV ECX,DWORD PTR SS:[EBP-10]
0043DF70  |.  81E1 FF000000 ||AND ECX,0FF
0043DF76  |.  83F9 44    ||CMP ECX,44
0043DF79  |.  0F8D B7000000 ||JGE WaGan.0043E036
0043DF7F  |.  8B4D DC    ||MOV ECX,DWORD PTR SS:[EBP-24]
0043DF82  |.  81E1 FF000000 ||AND ECX,0FF
0043DF88  |.  6BC9 24    ||IMUL ECX,ECX,24
0043DF8B  |.  81C1 502C4B00 ||ADD ECX,WaGan.004B2C50
0043DF91  |.  E8 DAFFFDFF ||CALL WaGan.0041DF70
0043DF96  |.  25 FF000000 ||AND EAX,0FF
0043DF9B  |.  50          ||PUSH EAX                                     ; /Arg1
0043DF9C  |.  8B4D F0    ||MOV ECX,DWORD PTR SS:[EBP-10]                ; |
0043DF9F  |.  81E1 FF000000 ||AND ECX,0FF                                  ; |
0043DFA5  |.  6BC9 46    ||IMUL ECX,ECX,46                            ; |
0043DFA8  |.  81C1 C0F44A00 ||ADD ECX,WaGan.004AF4C0                      ; |
0043DFAE  |.  E8 CDB5FCFF ||CALL WaGan.00409580                         ; \WaGan.00409580
0043DFB3  |.  25 FF000000 ||AND EAX,0FF
0043DFB8  |.  85C0       ||TEST EAX,EAX
0043DFBA  |.  74 75       ||JE SHORT WaGan.0043E031
0043DFBC  |.  8B4D DC    ||MOV ECX,DWORD PTR SS:[EBP-24]
0043DFBF  |.  81E1 FF000000 ||AND ECX,0FF
0043DFC5  |.  6BC9 24    ||IMUL ECX,ECX,24
0043DFC8  |.  81C1 502C4B00 ||ADD ECX,WaGan.004B2C50
0043DFCE  |.  E8 9DFFFDFF ||CALL WaGan.0041DF70
0043DFD3  |.  25 FF000000 ||AND EAX,0FF
0043DFD8  |.  50          ||PUSH EAX                                     ; /Arg1
0043DFD9  |.  8B4D F0    ||MOV ECX,DWORD PTR SS:[EBP-10]                ; |
0043DFDC  |.  81E1 FF000000 ||AND ECX,0FF                                  ; |
0043DFE2  |.  6BC9 46    ||IMUL ECX,ECX,46                            ; |
0043DFE5  |.  81C1 C0F44A00 ||ADD ECX,WaGan.004AF4C0                      ; |
0043DFEB  |.  E8 90B5FCFF ||CALL WaGan.00409580                         ; \WaGan.00409580
0043DFF0  |.  8AD8       ||MOV BL,AL
0043DFF2  |.  81E3 FF000000 ||AND EBX,0FF
0043DFF8  |.  8B4D DC    ||MOV ECX,DWORD PTR SS:[EBP-24]
0043DFFB  |.  81E1 FF000000 ||AND ECX,0FF
0043E001  |.  6BC9 24    ||IMUL ECX,ECX,24
0043E004  |.  81C1 502C4B00 ||ADD ECX,WaGan.004B2C50
0043E00A  |.  E8 61160200 ||CALL WaGan.0045F670
0043E00F  |.  8BC8       ||MOV ECX,EAX
0043E011  |.  6BC9 48    ||IMUL ECX,ECX,48
0043E014  |.  81C1 0000D600 ||ADD ECX,0D60000
0043E01A  |.  E8 B185FCFF ||CALL WaGan.004065D0
0043E01F  |.  25 FF000000 ||AND EAX,0FF
0043E024  |.  3BD8       ||CMP EBX,EAX
0043E026  |.  7F 09       ||JG SHORT WaGan.0043E031
0043E028  |.  C745 E8 01000>||MOV DWORD PTR SS:[EBP-18],1
0043E02F  |.  EB 05       ||JMP SHORT WaGan.0043E036
0043E031  |>^ E9 2FFFFFFF |\JMP WaGan.0043DF65
0043E036  |>^ E9 ADFEFFFF \JMP WaGan.0043DEE8
0043E03B  |>  C645 F0 00 MOV BYTE PTR SS:[EBP-10],0
0043E03F  |.  EB 09       JMP SHORT WaGan.0043E04A
0043E041  |>  8A55 F0    /MOV DL,BYTE PTR SS:[EBP-10]
0043E044  |.  80C2 01    |ADD DL,1
0043E047  |.  8855 F0    |MOV BYTE PTR SS:[EBP-10],DL
0043E04A  |>  8B45 F0       MOV EAX,DWORD PTR SS:[EBP-10]
0043E04D  |.  25 FF000000 |AND EAX,0FF
0043E052  |.  83F8 44    |CMP EAX,44
0043E055  |.  0F8D 83000000 |JGE WaGan.0043E0DE
0043E05B  |.  837D E8 00 |CMP DWORD PTR SS:[EBP-18],0
0043E05F  |.  75 7D       |JNZ SHORT WaGan.0043E0DE
0043E061  |.  8B4D EC    |MOV ECX,DWORD PTR SS:[EBP-14]
0043E064  |.  81E1 FF000000 |AND ECX,0FF
0043E06A  |.  51          |PUSH ECX                                     ; /Arg1
0043E06B  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]                ; |
0043E06E  |.  81E1 FF000000 |AND ECX,0FF                                  ; |
0043E074  |.  6BC9 46    |IMUL ECX,ECX,46                               ; |
0043E077  |.  81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0                      ; |
0043E07D  |.  E8 FEB4FCFF |CALL WaGan.00409580                         ; \WaGan.00409580
0043E082  |.  25 FF000000 |AND EAX,0FF
0043E087  |.  85C0       |TEST EAX,EAX
0043E089  |.  74 4E       |JE SHORT WaGan.0043E0D9
0043E08B  |.  8B55 EC    |MOV EDX,DWORD PTR SS:[EBP-14]
0043E08E  |.  81E2 FF000000 |AND EDX,0FF
0043E094  |.  52          |PUSH EDX                                     ; /Arg1
0043E095  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]                ; |
0043E098  |.  81E1 FF000000 |AND ECX,0FF                                  ; |
0043E09E  |.  6BC9 46    |IMUL ECX,ECX,46                               ; |
0043E0A1  |.  81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0                      ; |
0043E0A7  |.  E8 D4B4FCFF |CALL WaGan.00409580                         ; \WaGan.00409580
0043E0AC  |.  8AD8       |MOV BL,AL
0043E0AE  |.  81E3 FF000000 |AND EBX,0FF
0043E0B4  |.  8B45 D4    |MOV EAX,DWORD PTR SS:[EBP-2C]
0043E0B7  |.  8B08       |MOV ECX,DWORD PTR DS:[EAX]
0043E0B9  |.  6BC9 48    |IMUL ECX,ECX,48
0043E0BC  |.  81C1 0000D600 |ADD ECX,0D60000
0043E0C2  |.  E8 0985FCFF |CALL WaGan.004065D0
0043E0C7  |.  25 FF000000 |AND EAX,0FF
0043E0CC  |.  3BD8       |CMP EBX,EAX
0043E0CE  |.  7F 09       |JG SHORT WaGan.0043E0D9
0043E0D0  |.  C745 E8 01000>|MOV DWORD PTR SS:[EBP-18],1
0043E0D7  |.  EB 05       |JMP SHORT WaGan.0043E0DE
0043E0D9  |>^ E9 63FFFFFF \JMP WaGan.0043E041
0043E0DE  |>  837D E8 00 CMP DWORD PTR SS:[EBP-18],0
0043E0E2  |.  74 0C       JE SHORT WaGan.0043E0F0
0043E0E4  |.  6A 01       PUSH 1                                        ; /Arg1 = 00000001
0043E0E6  |.  B9 985E4B00 MOV ECX,WaGan.004B5E98                         ; |
0043E0EB  |.  E8 2070FFFF CALL WaGan.00435110                            ; \WaGan.00435110
0043E0F0  |>  B9 70074B00 MOV ECX,WaGan.004B0770
0043E0F5  |.  E8 F4F8FCFF CALL WaGan.0040D9EE
0043E0FA  |.  85C0       TEST EAX,EAX
0043E0FC  |.  74 0C       JE SHORT WaGan.0043E10A
0043E0FE  |.  6A 01       PUSH 1                                        ; /Arg1 = 00000001
0043E100  |.  B9 985E4B00 MOV ECX,WaGan.004B5E98                         ; |
0043E105  |.  E8 56030000 CALL WaGan.0043E460                            ; \WaGan.0043E460
0043E10A  |>  6A 01       PUSH 1                                        ; /Arg1 = 00000001
0043E10C  |.  B9 985E4B00 MOV ECX,WaGan.004B5E98                         ; |
0043E111  |.  E8 1A70FFFF CALL WaGan.00435130                            ; \WaGan.00435130
0043E116  |>  6A 02       /PUSH 2                                        ; /Arg1 = 00000002
0043E118  |.  8B4D D4    |MOV ECX,DWORD PTR SS:[EBP-2C]                ; |
0043E11B  |.  E8 D079FEFF |CALL WaGan.00425AF0                         ; \WaGan.00425AF0
0043E120  |.  85C0       |TEST EAX,EAX
0043E122  |.  0F85 90000000 |JNZ WaGan.0043E1B8
0043E128  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
0043E12B  |.  81E1 FF000000 |AND ECX,0FF
0043E131  |.  81F9 FF000000 |CMP ECX,0FF
0043E137  |.  74 7F       |JE SHORT WaGan.0043E1B8
0043E139  |.  E8 5C050200 |CALL WaGan.0045E69A                这个地方去读了4B5eBC的值出来了。

0043E13E  |.  8845 F4    |MOV BYTE PTR SS:[EBP-C],AL
0043E141  |.  6A 00       |PUSH 0                                        ; /lParam = 0
0043E143  |.  6A 00       |PUSH 0                                        ; |wParam = 0
0043E145  |.  68 02020000 |PUSH 202                                     ; |Message = WM_LBUTTONUP
0043E14A  |.  8B15 686A4B00 |MOV EDX,DWORD PTR DS:[4B6A68]                ; |
0043E150  |.  52          |PUSH EDX                                     ; |hWnd => NULL
0043E151  |.  FF15 F4624800 |CALL DWORD PTR DS:[<&USER32.SendMessageA>]    ; \SendMessageA
0043E157  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
0043E15A  |.  25 FF000000 |AND EAX,0FF
0043E15F  |.  3D FF000000 |CMP EAX,0FF
0043E164  |.  74 4D       |JE SHORT WaGan.0043E1B3
0043E166  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
0043E169  |.  81E1 FF000000 |AND ECX,0FF
0043E16F  |.  894D D0    |MOV DWORD PTR SS:[EBP-30],ECX
0043E172  |.  8B55 D0    |MOV EDX,DWORD PTR SS:[EBP-30]
0043E175  |.  83EA 01    |SUB EDX,1
0043E178  |.  8955 D0    |MOV DWORD PTR SS:[EBP-30],EDX
0043E17B  |.  837D D0 03 |CMP DWORD PTR SS:[EBP-30],3                   增加一个消息响应了。
0043E17F  |.  77 32       |JA SHORT WaGan.0043E1B3 跳转到要相应的地方
0043E181  |.  8B45 D0    |MOV EAX,DWORD PTR SS:[EBP-30]
0043E184  |.  FF2485 63E243>|JMP DWORD PTR DS:[EAX*4+43E263]             ;  判断
0043E18B  |>  8B4D D4    |MOV ECX,DWORD PTR SS:[EBP-2C]
0043E18E  |.  E8 47F9FFFF |CALL WaGan.0043DADA                         ;  攻击
0043E193  |.  EB 1E       |JMP SHORT WaGan.0043E1B3
0043E195  |>  8B4D D4    |MOV ECX,DWORD PTR SS:[EBP-2C]
0043E198  |.  E8 84FAFFFF |CALL WaGan.0043DC21                         ;  策略
0043E19D  |.  EB 14       |JMP SHORT WaGan.0043E1B3
0043E19F  |>  8B4D D4    |MOV ECX,DWORD PTR SS:[EBP-2C]
0043E1A2  |.  E8 35FBFFFF |CALL WaGan.0043DCDC                         ;  道具
0043E1A7  |.  EB 0A       |JMP SHORT WaGan.0043E1B3
0043E1A9  |>  6A 06       |PUSH 6                                        ; /Arg1 = 00000006
0043E1AB  |.  8B4D D4    |MOV ECX,DWORD PTR SS:[EBP-2C]                ; |
0043E1AE  |.  E8 65450000 |CALL WaGan.00442718                         ; \WaGan.00442718--待命
0043E1B3  |>^ E9 5EFFFFFF \JMP WaGan.0043E116
0043E1B8  |>  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043E1BB  |.  81E1 FF000000 AND ECX,0FF
0043E1C1  |.  81F9 FF000000 CMP ECX,0FF
0043E1C7  |.  75 53       JNZ SHORT WaGan.0043E21C
0043E1C9  |.  6A 04       PUSH 4                                        ; /Arg1 = 00000004
0043E1CB  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]                ; |
0043E1CE  |.  E8 BD84FCFF CALL WaGan.00406690                            ; \WaGan.00406690
0043E1D3  |.  6A 00       PUSH 0                                        ; /Arg3 = 00000000
0043E1D5  |.  6A 00       PUSH 0                                        ; |Arg2 = 00000000
0043E1D7  |.  8D55 F8    LEA EDX,DWORD PTR SS:[EBP-8]                   ; |
0043E1DA  |.  52          PUSH EDX                                     ; |Arg1
0043E1DB  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]                ; |
0043E1DE  |.  E8 DD6EFFFF CALL WaGan.004350C0                            ; \WaGan.004350C0
0043E1E3  |.  8B45 D4    MOV EAX,DWORD PTR SS:[EBP-2C]
0043E1E6  |.  8A4D FC    MOV CL,BYTE PTR SS:[EBP-4]
0043E1E9  |.  8848 0F    MOV BYTE PTR DS:[EAX+F],CL
0043E1EC  |.  8B55 D4    MOV EDX,DWORD PTR SS:[EBP-2C]
0043E1EF  |.  33C0       XOR EAX,EAX
0043E1F1  |.  8A42 0F    MOV AL,BYTE PTR DS:[EDX+F]
0043E1F4  |.  83F8 01    CMP EAX,1
0043E1F7  |.  75 0C       JNZ SHORT WaGan.0043E205
0043E1F9  |.  6A 01       PUSH 1                                        ; /Arg1 = 00000001
0043E1FB  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]                ; |
0043E1FE  |.  E8 311B0000 CALL WaGan.0043FD34                            ; \WaGan.0043FD34
0043E203  |.  EB 17       JMP SHORT WaGan.0043E21C
0043E205  |>  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043E208  |.  33D2       XOR EDX,EDX
0043E20A  |.  8A51 0F    MOV DL,BYTE PTR DS:[ECX+F]
0043E20D  |.  83FA 03    CMP EDX,3
0043E210  |.  75 0A       JNZ SHORT WaGan.0043E21C
0043E212  |.  6A 00       PUSH 0                                        ; /Arg1 = 00000000
0043E214  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]                ; |
0043E217  |.  E8 181B0000 CALL WaGan.0043FD34                            ; \WaGan.0043FD34
0043E21C  |>  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]
0043E21F  |.  E8 A51A0000 CALL WaGan.0043FCC9
0043E224  |.  B9 083D4B00 MOV ECX,WaGan.004B3D08
0043E229  |.  E8 5CC60000 CALL WaGan.0044A88A
0043E22E  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
0043E231  |.  25 FF000000 AND EAX,0FF
0043E236  |.  3D FF000000 CMP EAX,0FF
0043E23B  |.  74 17       JE SHORT WaGan.0043E254
0043E23D  |.  6A 02       PUSH 2                                        ; /Arg1 = 00000002
0043E23F  |.  8B4D D4    MOV ECX,DWORD PTR SS:[EBP-2C]                ; |
0043E242  |.  E8 A978FEFF CALL WaGan.00425AF0                            ; \WaGan.00425AF0
0043E247  |.  85C0       TEST EAX,EAX
0043E249  |.  74 09       JE SHORT WaGan.0043E254
0043E24B  |.  C745 CC 01000>MOV DWORD PTR SS:[EBP-34],1
0043E252  |.  EB 07       JMP SHORT WaGan.0043E25B
0043E254  |>  C745 CC 00000>MOV DWORD PTR SS:[EBP-34],0
0043E25B  |>  8B45 CC    MOV EAX,DWORD PTR SS:[EBP-34]
0043E25E  |>  5B          POP EBX
0043E25F  |.  8BE5       MOV ESP,EBP
0043E261  |.  5D          POP EBP
0043E262  \.  C3          RETN
0043E263 .  8BE14300    DD WaGan.0043E18B                            ;  分支表被用于 0043E184
0043E267 .  95E14300    DD WaGan.0043E195
0043E26B .  9FE14300    DD WaGan.0043E19F
0043E26F .  A9E14300    DD WaGan.0043E1A9

0045BC05  /$  55          PUSH EBP
0045BC06  |.  8BEC       MOV EBP,ESP
0045BC08  |.  51          PUSH ECX
0045BC09  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0045BC0C  |.  A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68]    存放句柄的地址
0045BC11  |.  50          PUSH EAX                               ; /Arg2 => 00000000
0045BC12  |.  68 17010000 PUSH 117                               ; |Arg1 = 00000117
0045BC17  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0045BC1A  |.  E8 79140100 CALL WaGan.0046D098                   ; \WaGan.0046D098
0045BC1F  |.  8BE5       MOV ESP,EBP
0045BC21  |.  5D          POP EBP
0045BC22  \.  C3          RETN

0046D098  /$  55          PUSH EBP
0046D099  |.  8BEC       MOV EBP,ESP
0046D09B  |.  51          PUSH ECX
0046D09C  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0046D09F  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0046D0A2  |.  50          PUSH EAX                               ; /lParam
0046D0A3  |.  68 F8D04600 PUSH WaGan.0046D0F8                   ; |DlgProc = WaGan.0046D0F8
0046D0A8  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]          ; |
0046D0AB  |.  51          PUSH ECX                               ; |hOwner
0046D0AC  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]          ; |
0046D0AF  |.  81E2 FFFF0000 AND EDX,0FFFF                         ; |
0046D0B5  |.  52          PUSH EDX                               ; |pTemplate
0046D0B6  |.  A1 606A4B00 MOV EAX,DWORD PTR DS:[4B6A60]          ; |
0046D0BB  |.  50          PUSH EAX                               ; |hInst => NULL
0046D0BC  |.  FF15 A0624800 CALL DWORD PTR DS:[<&USER32.DialogBoxPar>; \DialogBoxParamA
0046D0C2  |.  8BE5       MOV ESP,EBP
0046D0C4  |.  5D          POP EBP
0046D0C5  \.  C2 0800    RETN 8

//OnCreate函数
0045BADB  /$  55          PUSH EBP
0045BADC  |.  8BEC       MOV EBP,ESP
0045BADE  |.  51          PUSH ECX
0045BADF  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0045BAE2  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0045BAE5  |.  50          PUSH EAX                            ; /Arg1
0045BAE6  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]       ; |
0045BAE9  |.  83C1 24    ADD ECX,24                         ; |
0045BAEC  |.  E8 5F3B0000 CALL WaGan.0045F650                ; \WaGan.0045F650
0045BAF1  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0045BAF4  |.  83C1 24    ADD ECX,24
0045BAF7  |.  E8 BFFEFFFF CALL WaGan.0045B9BB
0045BAFC  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0045BAFF  |.  C741 40 01000>MOV DWORD PTR DS:[ECX+40],1

0045BB06  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0045BB09  |.  8B42 34    MOV EAX,DWORD PTR DS:[EDX+34]
0045BB0C  |.  50          PUSH EAX
0045BB0D  |.  68 07050000 PUSH 507 攻击
0045BB12  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0045BB15  |.  83C1 24    ADD ECX,24
0045BB18  |.  E8 533B0000 CALL WaGan.0045F670
0045BB1D  |.  50          PUSH EAX                            ; ||hWnd
0045BB1E  |.  FF15 DC624800 CALL DWORD PTR DS:[<&USER32.GetDlgIte>; |\GetDlgItem CALL DWORD PTR DS:[4862DC]
0045BB24  |.  50          PUSH EAX                            ; |hWnd
0045BB25  |.  FF15 E8624800 CALL DWORD PTR DS:[<&USER32.EnableWin>; \EnableWindow  CALL DWORD PTR DS:[4862E8]

0045BB2B  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0045BB2E  |.  8B51 38    MOV EDX,DWORD PTR DS:[ECX+38]
0045BB31  |.  52          PUSH EDX
0045BB32  |.  68 08050000 PUSH 508 策略
0045BB37  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0045BB3A  |.  83C1 24    ADD ECX,24
0045BB3D  |.  E8 2E3B0000 CALL WaGan.0045F670
0045BB42  |.  50          PUSH EAX                            ; ||hWnd
0045BB43  |.  FF15 DC624800 CALL DWORD PTR DS:[<&USER32.GetDlgIte>; |\GetDlgItem
0045BB49  |.  50          PUSH EAX                            ; |hWnd
0045BB4A  |.  FF15 E8624800 CALL DWORD PTR DS:[<&USER32.EnableWin>; \EnableWindow

0045BB50  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0045BB53  |.  8B48 3C    MOV ECX,DWORD PTR DS:[EAX+3C]
0045BB56  |.  51          PUSH ECX
0045BB57  |.  68 09050000 PUSH 509 道具
0045BB5C  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0045BB5F  |.  83C1 24    ADD ECX,24
0045BB62  |.  E8 093B0000 CALL WaGan.0045F670
0045BB67  |.  50          PUSH EAX                            ; ||hWnd
0045BB68  |.  FF15 DC624800 CALL DWORD PTR DS:[<&USER32.GetDlgIte>; |\GetDlgItem
0045BB6E  |.  50          PUSH EAX                            ; |hWnd
0045BB6F  |.  FF15 E8624800 CALL DWORD PTR DS:[<&USER32.EnableWin>; \EnableWindow

0045BB75  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0045BB78  |.  8B42 40    MOV EAX,DWORD PTR DS:[EDX+40]
0045BB7B  |.  50          PUSH EAX
0045BB7C  |.  68 0B050000 PUSH 50B 待命
0045BB81  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0045BB84  |.  83C1 24    ADD ECX,24
0045BB87  |.  E8 E43A0000 CALL WaGan.0045F670
0045BB8C  |.  50          PUSH EAX                            ; ||hWnd
0045BB8D  |.  FF15 DC624800 CALL DWORD PTR DS:[<&USER32.GetDlgIte>; |\GetDlgItem
0045BB93  |.  50          PUSH EAX                            ; |hWnd
0045BB94  |.  FF15 E8624800 CALL DWORD PTR DS:[<&USER32.EnableWin>; \EnableWindow

0045BB9A  |.  8BE5       MOV ESP,EBP
0045BB9C  |.  5D          POP EBP
0045BB9D  \.  C2 0400    RETN 4

//加载DLL，CmdIction
0040B338  /$  55          PUSH EBP
0040B339  |.  8BEC       MOV EBP,ESP
0040B33B  |.  83EC 08    SUB ESP,8
0040B33E  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
0040B341  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0040B344  |.  50          PUSH EAX                                        ; /Arg1
0040B345  |.  E8 8ADB0000 CALL WaGan.00418ED4                            ; \WaGan.00418ED4
0040B34A  |.  83C4 04    ADD ESP,4
0040B34D  |.  50          PUSH EAX                                        ; /FileName
0040B34E  |.  FF15 24614800 CALL DWORD PTR DS:[<&KERNEL32.LoadLibraryA>]    ; \LoadLibraryA
0040B354  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0040B357  |.  6A 64       PUSH 64                                        ; /Arg5 = 00000064
0040B359  |.  8B4D 14    MOV ECX,DWORD PTR SS:[EBP+14]                   ; |
0040B35C  |.  51          PUSH ECX                                        ; |Arg4
0040B35D  |.  8B55 10    MOV EDX,DWORD PTR SS:[EBP+10]                   ; |
0040B360  |.  52          PUSH EDX                                        ; |Arg3
0040B361  |.  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]                   ; |
0040B364  |.  50          PUSH EAX                                        ; |Arg2 = 00000004 这个数字，绝定了是加载四个进来
0040B365  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]                   ; |
0040B368  |.  51          PUSH ECX                                        ; |Arg1
0040B369  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]                   ; |
0040B36C  |.  E8 2DFEFFFF CALL WaGan.0040B19E                            ; \WaGan.0040B19E
0040B371  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0040B374  |.  8902       MOV DWORD PTR DS:[EDX],EAX
0040B376  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0040B379  |.  50          PUSH EAX                                        ; /hLibModule
0040B37A  |.  FF15 1C614800 CALL DWORD PTR DS:[<&KERNEL32.FreeLibrary>]    ; \FreeLibrary
0040B380  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0040B383  |.  8B01       MOV EAX,DWORD PTR DS:[ECX]
0040B385  |.  8BE5       MOV ESP,EBP
0040B387  |.  5D          POP EBP
0040B388  \.  C2 1400    RETN 14

//加载DLL图的地方
0040B283  |> /8B45 E0    /MOV EAX,DWORD PTR SS:[EBP-20]
0040B286  |. |83C0 01    |ADD EAX,1
0040B289  |. |8945 E0    |MOV DWORD PTR SS:[EBP-20],EAX
0040B28C  |> |8B4D E0       MOV ECX,DWORD PTR SS:[EBP-20]
0040B28F  |. |3B4D 0C    |CMP ECX,DWORD PTR SS:[EBP+C]这里比较跳出了。
0040B292  |. |7D 7A       |JGE SHORT WaGan.0040B30E
0040B294  |. |837D 14 01 |CMP DWORD PTR SS:[EBP+14],1
0040B298  |. |7F 0F       |JG SHORT WaGan.0040B2A9
0040B29A  |. |8B55 E0    |MOV EDX,DWORD PTR SS:[EBP-20]
0040B29D  |. |8B45 14    |MOV EAX,DWORD PTR SS:[EBP+14]
0040B2A0  |. |8D4C50 64    |LEA ECX,DWORD PTR DS:[EAX+EDX*2+64]
0040B2A4  |. |894D B8    |MOV DWORD PTR SS:[EBP-48],ECX
0040B2A7  |. |EB 09       |JMP SHORT WaGan.0040B2B2
0040B2A9  |> |8B55 E0    |MOV EDX,DWORD PTR SS:[EBP-20]
0040B2AC  |. |83C2 64    |ADD EDX,64
0040B2AF  |. |8955 B8    |MOV DWORD PTR SS:[EBP-48],EDX
0040B2B2  |> |8B45 B8    |MOV EAX,DWORD PTR SS:[EBP-48]
0040B2B5  |. |50          |PUSH EAX                                     ; /Arg2 = 00000065 这个参数就是100,101,102,103
0040B2B6  |. |8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]                   ; |
0040B2B9  |. |51          |PUSH ECX                                     ; |Arg1
0040B2BA  |. |8D4D C4    |LEA ECX,DWORD PTR SS:[EBP-3C]                ; |
0040B2BD  |. |E8 5BE4FFFF |CALL WaGan.0040971D                            ; \WaGan.0040971D
0040B2C2  |. |837D 10 00 |CMP DWORD PTR SS:[EBP+10],0
0040B2C6  |. |74 22       |JE SHORT WaGan.0040B2EA
0040B2C8  |. |6A 00       |PUSH 0                                        ; /Arg1 = 00000000
0040B2CA  |. |8D4D C4    |LEA ECX,DWORD PTR SS:[EBP-3C]                ; |
0040B2CD  |. |E8 B8F2FFFF |CALL WaGan.0040A58A                            ; \WaGan.0040A58A
0040B2D2  |. |50          |PUSH EAX
0040B2D3  |. |8D4D C4    |LEA ECX,DWORD PTR SS:[EBP-3C]
0040B2D6  |. |E8 41F2FFFF |CALL WaGan.0040A51C
0040B2DB  |. |50          |PUSH EAX                                     ; |hImageBmp
0040B2DC  |. |8B55 BC    |MOV EDX,DWORD PTR SS:[EBP-44]                ; |
0040B2DF  |. |8B02       |MOV EAX,DWORD PTR DS:[EDX]                   ; |
0040B2E1  |. |50          |PUSH EAX                                     ; |hIml
0040B2E2  |. |FF15 10604800 |CALL DWORD PTR DS:[<&COMCTL32.ImageList_Add>] ; \ImageList_Add
0040B2E8  |. |EB 17       |JMP SHORT WaGan.0040B301
0040B2EA  |> |6A 00       |PUSH 0
0040B2EC  |. |8D4D C4    |LEA ECX,DWORD PTR SS:[EBP-3C]
0040B2EF  |. |E8 28F2FFFF |CALL WaGan.0040A51C
0040B2F4  |. |50          |PUSH EAX                                     ; |hImageBmp
0040B2F5  |. |8B4D BC    |MOV ECX,DWORD PTR SS:[EBP-44]                ; |
0040B2F8  |. |8B11       |MOV EDX,DWORD PTR DS:[ECX]                   ; |
0040B2FA  |. |52          |PUSH EDX                                     ; |hIml
0040B2FB  |. |FF15 10604800 |CALL DWORD PTR DS:[<&COMCTL32.ImageList_Add>] ; \ImageList_Add
0040B301  |> |8D4D C4    |LEA ECX,DWORD PTR SS:[EBP-3C]
0040B304  |. |E8 A1E9FFFF |CALL WaGan.00409CAA
0040B309  |.^\E9 75FFFFFF \JMP WaGan.0040B283

0040B30E  |>  8B45 BC    MOV EAX,DWORD PTR SS:[EBP-44]
0040B311  |.  8B08       MOV ECX,DWORD PTR DS:[EAX]
0040B313  |.  894D C0    MOV DWORD PTR SS:[EBP-40],ECX
0040B316  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0040B31D  |.  8D4D C4    LEA ECX,DWORD PTR SS:[EBP-3C]
0040B320  |.  E8 6B050000 CALL WaGan.0040B890
0040B325  |.  8B45 C0    MOV EAX,DWORD PTR SS:[EBP-40]
0040B328  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0040B32B  |.  64:890D 00000>MOV DWORD PTR FS:[0],ECX
0040B332  |.  8BE5       MOV ESP,EBP
0040B334  |.  5D          POP EBP
0040B335  \.  C2 1400    RETN 14

//初始化对话框的代码
0046D2C5  |> \8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          //ECX=4B5E98 ;  WaGan.004B5E98
0046D2C8  |.  8B11       MOV EDX,DWORD PTR DS:[ECX] //EDX=4867C8
0046D2CA  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0046D2CD  |.  FF52 08    CALL DWORD PTR DS:[EDX+8] //46E982,处理光标
0046D2D0  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0046D2D3  |.  8B10       MOV EDX,DWORD PTR DS:[EAX]
0046D2D5  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0046D2D8  |.  FF52 0C    CALL DWORD PTR DS:[EDX+C] //处理Item
0046D2DB  |.  E9 EA000000 JMP WaGan.0046D3CA

//对话框消息表
0045BC23  /.  55          PUSH EBP
0045BC24  |.  8BEC       MOV EBP,ESP
0045BC26  |.  83EC 0C    SUB ESP,0C
0045BC29  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0045BC2C  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0045BC2F  |.  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
0045BC32  |.  817D F8 11010>CMP DWORD PTR SS:[EBP-8],111
0045BC39  |.  74 02       JE SHORT WaGan.0045BC3D
0045BC3B  |.  EB 62       JMP SHORT WaGan.0045BC9F
0045BC3D  |>  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]
0045BC40  |.  81E1 FFFF0000 AND ECX,0FFFF
0045BC46  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
0045BC49  |.  8B55 F4    MOV EDX,DWORD PTR SS:[EBP-C]
0045BC4C  |.  81EA 07050000 SUB EDX,507
0045BC52  |.  8955 F4    MOV DWORD PTR SS:[EBP-C],EDX
0045BC55  |.  837D F4 04 CMP DWORD PTR SS:[EBP-C],4
0045BC59  |.  77 44       JA SHORT WaGan.0045BC9F
0045BC5B  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
0045BC5E  |.  FF2485 BCBC45>JMP DWORD PTR DS:[EAX*4+45BCBC]                ;  WaGan.0045BC9F
0045BCBC    65BC4500    DD WaGan.0045BC65          攻击
0045BCC0 .  74BC4500    DD WaGan.0045BC74          策略
0045BCC4 .  83BC4500    DD WaGan.0045BC83             道具
0045BCC8 .  9FBC4500    DD WaGan.0045BC9F          3—50A就是绝招  这个就定义为5吧
0045BCCC .  92BC4500    DD WaGan.0045BC92             待命

0045BC65  |>  6A 01       PUSH 1                                        ; /Arg1 = 00000001
0045BC67  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]                   ; |
0045BC6A  |.  83C1 24    ADD ECX,24                                     ; |
0045BC6D  |.  E8 42FEFFFF CALL WaGan.0045BAB4                            ; \WaGan.0045BAB4
0045BC72  |.  EB 2B       JMP SHORT WaGan.0045BC9F

0045BC74  |>  6A 02       PUSH 2                                        ; /Arg1 = 00000002
0045BC76  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]                   ; |
0045BC79  |.  83C1 24    ADD ECX,24                                     ; |
0045BC7C  |.  E8 33FEFFFF CALL WaGan.0045BAB4                            ; \WaGan.0045BAB4
0045BC81  |.  EB 1C       JMP SHORT WaGan.0045BC9F

0045BC83  |>  6A 03       PUSH 3                                        ; /Arg1 = 00000003
0045BC85  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]                   ; |
0045BC88  |.  83C1 24    ADD ECX,24                                     ; |
0045BC8B  |.  E8 24FEFFFF CALL WaGan.0045BAB4                            ; \WaGan.0045BAB4
0045BC90  |.  EB 0D       JMP SHORT WaGan.0045BC9F

0045BC92  |>  6A 04       PUSH 4                                        ; /Arg1 = 00000004
0045BC94  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]                   ; |
0045BC97  |.  83C1 24    ADD ECX,24                                     ; |
0045BC9A  |.  E8 15FEFFFF CALL WaGan.0045BAB4                            ; \WaGan.0045BAB4

0045BC9F  |>  8B4D 10    MOV ECX,DWORD PTR SS:[EBP+10]
0045BCA2  |.  51          PUSH ECX
0045BCA3  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]
0045BCA6  |.  52          PUSH EDX
0045BCA7  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0045BCAA  |.  50          PUSH EAX
0045BCAB  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0045BCAE  |.  8B11       MOV EDX,DWORD PTR DS:[ECX]
0045BCB0  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0045BCB3  |.  FF52 04    CALL DWORD PTR DS:[EDX+4]
0045BCB6  |.  8BE5       MOV ESP,EBP
0045BCB8  |.  5D          POP EBP
0045BCB9  \.  C2 0C00    RETN 0C

///对话框处理函数
0046D0F8  /.  55          PUSH EBP
0046D0F9  |.  8BEC       MOV EBP,ESP
0046D0FB  |.  6A FF       PUSH -1
0046D0FD  |.  68 33594800 PUSH WaGan.00485933                   ;  SE 处理程序安装
0046D102  |.  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0046D108  |.  50          PUSH EAX
0046D109  |.  64:8925 00000>MOV DWORD PTR FS:[0],ESP
0046D110  |.  83EC 14    SUB ESP,14
0046D113  |.  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]
0046D116  |.  8945 E4    MOV DWORD PTR SS:[EBP-1C],EAX
0046D119  |.  817D E4 10010>CMP DWORD PTR SS:[EBP-1C],110 初始化消息
0046D120  |.  74 02       JE SHORT WaGan.0046D124
0046D122  |.  EB 69       JMP SHORT WaGan.0046D18D
0046D124  |>  833D E8684B00>CMP DWORD PTR DS:[4B68E8],0
0046D12B  |.  75 44       JNZ SHORT WaGan.0046D171
0046D12D  |.  6A 04       PUSH 4
0046D12F  |.  E8 AC3E0100 CALL WaGan.00480FE0
0046D134  |.  83C4 04    ADD ESP,4
0046D137  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX
0046D13A  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0046D141  |.  837D EC 00 CMP DWORD PTR SS:[EBP-14],0
0046D145  |.  74 0D       JE SHORT WaGan.0046D154
0046D147  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0046D14A  |.  E8 71E7F9FF CALL WaGan.0040B8C0
0046D14F  |.  8945 E0    MOV DWORD PTR SS:[EBP-20],EAX
0046D152  |.  EB 07       JMP SHORT WaGan.0046D15B
0046D154  |>  C745 E0 00000>MOV DWORD PTR SS:[EBP-20],0
0046D15B  |>  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]
0046D15E  |.  894D E8    MOV DWORD PTR SS:[EBP-18],ECX
0046D161  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0046D168  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
0046D16B  |.  8915 E8684B00 MOV DWORD PTR DS:[4B68E8],EDX
0046D171  |>  8B45 14    MOV EAX,DWORD PTR SS:[EBP+14]
0046D174  |.  50          PUSH EAX                               ; /Arg2
0046D175  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
0046D178  |.  51          PUSH ECX                               ; |Arg1
0046D179  |.  8B0D E8684B00 MOV ECX,DWORD PTR DS:[4B68E8]          ; |
0046D17F  |.  E8 C953FFFF CALL WaGan.0046254D                   ; \WaGan.0046254D
0046D184  |.  8B55 14    MOV EDX,DWORD PTR SS:[EBP+14]
0046D187  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0046D18A  |.  8942 04    MOV DWORD PTR DS:[EDX+4],EAX
0046D18D  |>  833D E8684B00>CMP DWORD PTR DS:[4B68E8],0
0046D194  |.  74 2D       JE SHORT WaGan.0046D1C3
0046D196  |.  8D4D F0    LEA ECX,DWORD PTR SS:[EBP-10]
0046D199  |.  51          PUSH ECX                               ; /Arg2
0046D19A  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]          ; |
0046D19D  |.  52          PUSH EDX                               ; |Arg1
0046D19E  |.  8B0D E8684B00 MOV ECX,DWORD PTR DS:[4B68E8]          ; |
0046D1A4  |.  E8 A754FFFF CALL WaGan.00462650                   ; \WaGan.00462650
0046D1A9  |.  85C0       TEST EAX,EAX
0046D1AB  |.  74 16       JE SHORT WaGan.0046D1C3
0046D1AD  |.  8B45 14    MOV EAX,DWORD PTR SS:[EBP+14]
0046D1B0  |.  50          PUSH EAX                               ; /Arg3
0046D1B1  |.  8B4D 10    MOV ECX,DWORD PTR SS:[EBP+10]          ; |
0046D1B4  |.  51          PUSH ECX                               ; |Arg2
0046D1B5  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]          ; |
0046D1B8  |.  52          PUSH EDX                               ; |Arg1
0046D1B9  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
0046D1BC  |.  E8 6D000000 CALL WaGan.0046D22E                   ; \WaGan.0046D22E 处理消息的函数
0046D1C1  |.  EB 02       JMP SHORT WaGan.0046D1C5
0046D1C3  |>  33C0       XOR EAX,EAX
0046D1C5  |>  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0046D1C8  |.  64:890D 00000>MOV DWORD PTR FS:[0],ECX
0046D1CF  |.  8BE5       MOV ESP,EBP
0046D1D1  |.  5D          POP EBP
0046D1D2  \.  C2 1000    RETN 10

点策略的响应函数
0046EAFC  /$  55          PUSH EBP
0046EAFD  |.  8BEC       MOV EBP,ESP
0046EAFF  |.  51          PUSH ECX
0046EB00  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0046EB03  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0046EB06  |.  50          PUSH EAX                               ; /Arg2
0046EB07  |.  68 1A010000 PUSH 11A                               ; |Arg1 = 0000011A
0046EB0C  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0046EB0F  |.  E8 84E5FFFF CALL WaGan.0046D098                   ; \WaGan.0046D098
0046EB14  |.  8BE5       MOV ESP,EBP
0046EB16  |.  5D          POP EBP
0046EB17  \.  C2 0400    RETN 4

点道具的响应处
0043DCDC  /$  55          PUSH EBP
0043DCDD  |.  8BEC       MOV EBP,ESP
0043DCDF  |.  83EC 0C    SUB ESP,0C
0043DCE2  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
0043DCE5  |.  C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF

0043DCE9  |>  6A 02       /PUSH 2                               ; /Arg1 = 00000002
0043DCEB  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DCEE  |.  E8 FD7DFEFF |CALL WaGan.00425AF0                   ; \WaGan.00425AF0
0043DCF3  |.  85C0       |TEST EAX,EAX
0043DCF5  |.  75 30       |JNZ SHORT WaGan.0043DD27
0043DCF7  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
0043DCFA  |.  50          |PUSH EAX                               ; /Arg1
0043DCFB  |.  E8 2B000000 |CALL WaGan.0043DD2B                   ; \WaGan.0043DD2B  消息响应函数
0043DD00  |.  83C4 04    |ADD ESP,4
0043DD03  |.  8845 F8    |MOV BYTE PTR SS:[EBP-8],AL
0043DD06  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]
0043DD09  |.  81E1 FF000000 |AND ECX,0FF
0043DD0F  |.  81F9 FF000000 |CMP ECX,0FF
0043DD15  |.  75 02       |JNZ SHORT WaGan.0043DD19
0043DD17  |.  EB 0E       |JMP SHORT WaGan.0043DD27
0043DD19  |>  8A55 F8    |MOV DL,BYTE PTR SS:[EBP-8]
0043DD1C  |.  52          |PUSH EDX                               ; /Arg1
0043DD1D  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DD20  |.  E8 83000000 |CALL WaGan.0043DDA8                   ; \WaGan.0043DDA8
0043DD25  |.^ EB C2       \JMP SHORT WaGan.0043DCE9
0043DD27  |>  8BE5       MOV ESP,EBP
0043DD29  |.  5D          POP EBP
0043DD2A  \.  C3          RETN
0043DD2B  /$  55          PUSH EBP
0043DD2C  |.  8BEC       MOV EBP,ESP
0043DD2E  |.  6A FF       PUSH -1
0043DD30  |.  68 E2534800 PUSH WaGan.004853E2                   ;  SE 处理程序安装
0043DD35  |.  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0043DD3B  |.  50          PUSH EAX
0043DD3C  |.  64:8925 00000>MOV DWORD PTR FS:[0],ESP
0043DD43  |.  81EC 04010000 SUB ESP,104
0043DD49  |.  8D8D F4FEFFFF LEA ECX,DWORD PTR SS:[EBP-10C]
0043DD4F  |.  E8 EC050000 CALL WaGan.0043E340
0043DD54  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0043DD5B  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0043DD5E  |.  50          PUSH EAX                               ; /Arg1
0043DD5F  |.  8D8D F4FEFFFF LEA ECX,DWORD PTR SS:[EBP-10C]          ; |
0043DD65  |.  E8 A64C0300 CALL WaGan.00472A10                   ; \WaGan.00472A10
0043DD6A  |.  8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68]
0043DD70  |.  51          PUSH ECX                               ; /Arg1 => 00000000
0043DD71  |.  8D8D F4FEFFFF LEA ECX,DWORD PTR SS:[EBP-10C]          ; |
0043DD77  |.  E8 2D0E0300 CALL WaGan.0046EBA9                   ; \WaGan.0046EBA9
0043DD7C  |.  8985 F0FEFFFF MOV DWORD PTR SS:[EBP-110],EAX
0043DD82  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0043DD89  |.  8D8D F4FEFFFF LEA ECX,DWORD PTR SS:[EBP-10C]
0043DD8F  |.  E8 0C060000 CALL WaGan.0043E3A0
0043DD94  |.  8B85 F0FEFFFF MOV EAX,DWORD PTR SS:[EBP-110]
0043DD9A  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043DD9D  |.  64:890D 00000>MOV DWORD PTR FS:[0],ECX
0043DDA4  |.  8BE5       MOV ESP,EBP
0043DDA6  |.  5D          POP EBP
0043DDA7  \.  C3          RETN

0046EBA9  /$  55          PUSH EBP
0046EBAA  |.  8BEC       MOV EBP,ESP
0046EBAC  |.  51          PUSH ECX
0046EBAD  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0046EBB0  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0046EBB3  |.  50          PUSH EAX                               ; /Arg2
0046EBB4  |.  68 F2000000 PUSH 0F2                               ; |Arg1 = 000000F2 对话框编号
0046EBB9  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0046EBBC  |.  E8 D7E4FFFF CALL WaGan.0046D098                   ; \WaGan.0046D098
0046EBC1  |.  8BE5       MOV ESP,EBP
0046EBC3  |.  5D          POP EBP
0046EBC4  \.  C2 0400    RETN 4

0045BD05  /.  55          PUSH EBP
0045BD06  |.  8BEC       MOV EBP,ESP
0045BD08  |.  83EC 14    SUB ESP,14
0045BD0B  |.  894D F0    MOV DWORD PTR SS:[EBP-10],ECX
0045BD0E  |.  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]
0045BD11  |.  50          PUSH EAX                               ; /hWnd
0045BD12  |.  FF15 94634800 CALL DWORD PTR DS:[<&USER32.GetDlgCtrlID>>; \GetDlgCtrlID
0045BD18  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX
0045BD1B  |.  817D EC 07050>CMP DWORD PTR SS:[EBP-14],507
0045BD22  |.  7F 11       JG SHORT WaGan.0045BD35
0045BD24  |.  817D EC 07050>CMP DWORD PTR SS:[EBP-14],507
0045BD2B  |.  74 25       JE SHORT WaGan.0045BD52
0045BD2D  |.  837D EC 02 CMP DWORD PTR SS:[EBP-14],2
0045BD31  |.  74 43       JE SHORT WaGan.0045BD76
0045BD33  |.  EB 59       JMP SHORT WaGan.0045BD8E
0045BD35  |>  817D EC 08050>CMP DWORD PTR SS:[EBP-14],508
0045BD3C  |.  74 1D       JE SHORT WaGan.0045BD5B
0045BD3E  |.  817D EC 09050>CMP DWORD PTR SS:[EBP-14],509
0045BD45  |.  74 1D       JE SHORT WaGan.0045BD64
0045BD47  |.  817D EC 0B050>CMP DWORD PTR SS:[EBP-14],50B
0045BD4E  |.  74 1D       JE SHORT WaGan.0045BD6D
0045BD50  |.  EB 3C       JMP SHORT WaGan.0045BD8E
0045BD52  |>  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0045BD59  |.  EB 33       JMP SHORT WaGan.0045BD8E
0045BD5B  |>  C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
0045BD62  |.  EB 2A       JMP SHORT WaGan.0045BD8E
0045BD64  |>  C745 F4 02000>MOV DWORD PTR SS:[EBP-C],2
0045BD6B  |.  EB 21       JMP SHORT WaGan.0045BD8E
0045BD6D  |>  C745 F4 03000>MOV DWORD PTR SS:[EBP-C],3
0045BD74  |.  EB 18       JMP SHORT WaGan.0045BD8E
0045BD76  |>  6A 00       PUSH 0                                  ; /Arg5 = 00000000
0045BD78  |.  6A 00       PUSH 0                                  ; |Arg4 = 00000000
0045BD7A  |.  6A 01       PUSH 1                                  ; |Arg3 = 00000001
0045BD7C  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]             ; |
0045BD7F  |.  51          PUSH ECX                               ; |Arg2
0045BD80  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]             ; |
0045BD83  |.  52          PUSH EDX                               ; |Arg1
0045BD84  |.  E8 F85B0100 CALL WaGan.00471981                      ; \WaGan.00471981
0045BD89  |.  83C4 14    ADD ESP,14
0045BD8C  |.  EB 2F       JMP SHORT WaGan.0045BDBD
0045BD8E  |>  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
0045BD91  |.  50          PUSH EAX
0045BD92  |.  B9 1C2E4900 MOV ECX,WaGan.00492E1C
0045BD97  |.  E8 D4380000 CALL WaGan.0045F670
0045BD9C  |.  50          PUSH EAX                               ; |Arg1
0045BD9D  |.  8D4D F8    LEA ECX,DWORD PTR SS:[EBP-8]             ; |
0045BDA0  |.  E8 99F9FAFF CALL WaGan.0040B73E                      ; \WaGan.0040B73E
0045BDA5  |.  6A 00       PUSH 0                                  ; /Arg5 = 00000000
0045BDA7  |.  8D4D F8    LEA ECX,DWORD PTR SS:[EBP-8]             ; |
0045BDAA  |.  51          PUSH ECX                               ; |Arg4
0045BDAB  |.  6A 01       PUSH 1                                  ; |Arg3 = 00000001
0045BDAD  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]             ; |
0045BDB0  |.  52          PUSH EDX                               ; |Arg2
0045BDB1  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]             ; |
0045BDB4  |.  50          PUSH EAX                               ; |Arg1
0045BDB5  |.  E8 C75B0100 CALL WaGan.00471981                      ; \WaGan.00471981
0045BDBA  |.  83C4 14    ADD ESP,14
0045BDBD  |>  8BE5       MOV ESP,EBP
0045BDBF  |.  5D          POP EBP
0045BDC0  \.  C2 0800    RETN 8

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#34

发表于 2007-12-30 21:28 资料个人空间短消息只看该作者

剧本指令调用解析

内存:  492F90处
   492F90+C处，是当前剧本指令指针  (一个一个读) 0x492F9C 改这个值就对了。
   492F90+20处，是当前剧本指针  （C00650）

如何改：剧本传入的字节数+[492FB0]就对了

004D002    55             PUSH EBP
004D002F 8BEC          MOV EBP,ESP

004D1013 6A 02          PUSH 前缀
004D1015 8B4D 08       MOV ECX,DWORD PTR SS:[EBP+8]
004D1018 E8 DA73F4FF    CALL WaGan.004183F7
CMP EAX,80000000
JNZ SHORT A:
Jmp 结束处
         A:  add eax,dword ptr ds:[ 492F9C]
MOV DWORD PTR DS:[492F9C],EAX


004D0031 A1 B02F4900    MOV EAX,DWORD PTR DS:[492FB0]
004D0036 83C0 37       ADD EAX,37
004D0039 A3 9C2F4900    MOV DWORD PTR DS:[492F9C],EAX
004D003E B8 01000000    MOV EAX,1
004D0043 8BE5          MOV ESP,EBP
004D0045 5D             POP EBP
004D0046 C3             RETN

0040BBA8  /$  55          PUSH EBP
0040BBA9  |.  8BEC       MOV EBP,ESP
0040BBAB  |>  A1 9CBF4A00 /MOV EAX,DWORD PTR DS:[4ABF9C]
0040BBB0  |.  83E0 6E    |AND EAX,6E
0040BBB3  |.  85C0       |TEST EAX,EAX
0040BBB5  |.  75 17       |JNZ SHORT WaGan.0040BBCE
0040BBB7  |.  833D 9CBF4A00>|CMP DWORD PTR DS:[4ABF9C],2
0040BBBE  |.  74 0C       |JE SHORT WaGan.0040BBCC
0040BBC0  |.  6A 00       |PUSH 0                               ; /Arg1 = 00000000
0040BBC2  |.  B9 902F4900 |MOV ECX,WaGan.00492F90                ; |
0040BBC7  |.  E8 F5C40000 |CALL WaGan.004180C1                   ; \WaGan.004180C1
0040BBCC  |>^ EB DD       \JMP SHORT WaGan.0040BBAB
0040BBCE  |>  5D          POP EBP
0040BBCF  \.  C3          RETN

004105A8  /$  55          PUSH EBP
004105A9  |.  8BEC       MOV EBP,ESP
004105AB  |.  83EC 2C    SUB ESP,2C
004105AE  |.  894D E4    MOV DWORD PTR SS:[EBP-1C],ECX
004105B1  |.  C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
004105B8  |.  C745 EC 00000>MOV DWORD PTR SS:[EBP-14],0
004105BF  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
004105C6  |.  C745 FC 03000>MOV DWORD PTR SS:[EBP-4],3
004105CD  |.  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
004105D0  |.  8B48 14    MOV ECX,DWORD PTR DS:[EAX+14]
004105D3  |.  3B4D 08    CMP ECX,DWORD PTR SS:[EBP+8]
004105D6  |.  7E 0C       JLE SHORT WaGan.004105E4
004105D8  |.  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
004105DF  |.  E9 1F020000 JMP WaGan.00410803
004105E4  |>  8B55 E4    MOV EDX,DWORD PTR SS:[EBP-1C]
004105E7  |.  C742 14 FFFFF>MOV DWORD PTR DS:[EDX+14],-1
004105EE  |>  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
004105F1  |.  8378 34 00 CMP DWORD PTR DS:[EAX+34],0
004105F5  |.  74 0C       JE SHORT WaGan.00410603
004105F7  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
004105FA  |.  E8 E3F6FFFF CALL WaGan.0040FCE2
004105FF  |.  66:8945 E8 MOV WORD PTR SS:[EBP-18],AX
00410603  |>  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
00410606  |.  8B11       MOV EDX,DWORD PTR DS:[ECX]
00410608  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
0041060B  |.  FF52 10    CALL DWORD PTR DS:[EDX+10]
0041060E  |.  66:8945 F0 MOV WORD PTR SS:[EBP-10],AX
00410612  |.  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
00410615  |.  8B10       MOV EDX,DWORD PTR DS:[EAX]
00410617  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
0041061A  |.  FF52 08    CALL DWORD PTR DS:[EDX+8]
0041061D  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
00410620  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00410623  |.  8945 E0    MOV DWORD PTR SS:[EBP-20],EAX
00410626  |.  837D E0 09 CMP DWORD PTR SS:[EBP-20],9
0041062A  |.  0F87 29010000 JA WaGan.00410759 大于9的返回值  基本上等于是有问题的了
00410630  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]
00410633  |.  FF248D 0E0841>JMP DWORD PTR DS:[ECX*4+41080E]
0041080E .  3A064100    DD WaGan.0041063A  00  条件不成立eax
00410812 .  3F064100    DD WaGan.0041063F 01  条件成立
00410816 .  44064100    DD WaGan.00410644 02
0041081A .  62064100    DD WaGan.00410662 03  00指令
0041081E .  67064100    DD WaGan.00410667 04  01指令
00410822 .  3C074100    DD WaGan.0041073C 05  重新来
00410826 .  59074100    DD WaGan.00410759 06  else
0041082A .  33074100    DD WaGan.00410733 07
0041082E .  46074100    DD WaGan.00410746 08
00410832 .  50074100    DD WaGan.00410750 09
0041063A  |>  E9 24010000 JMP WaGan.00410763
0041063F  |>  E9 1F010000 JMP WaGan.00410763
00410644  |>  8B55 E4    MOV EDX,DWORD PTR SS:[EBP-1C]
00410647  |.  66:8B45 F0 MOV AX,WORD PTR SS:[EBP-10]
0041064B  |.  66:8942 10 MOV WORD PTR DS:[EDX+10],AX
0041064F  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
00410652  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
00410655  |.  8951 14    MOV DWORD PTR DS:[ECX+14],EDX
00410658  |.  B8 02000000 MOV EAX,2
0041065D  |.  E9 A6010000 JMP WaGan.00410808 结束

03的返回处，结束指令
00410662  |>  E9 FC000000 JMP WaGan.00410763

00410667  |>  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
0041066A  |.  8B10       MOV EDX,DWORD PTR DS:[EAX]
0041066C  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
0041066F  |.  FF52 08    CALL DWORD PTR DS:[EDX+8]
00410672  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
00410675  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00410678  |.  8945 DC    MOV DWORD PTR SS:[EBP-24],EAX
0041067B  |.  837D DC 00 CMP DWORD PTR SS:[EBP-24],0
0041067F  |.  74 0E       JE SHORT WaGan.0041068F
00410681  |.  837D DC 01 CMP DWORD PTR SS:[EBP-24],1
00410685  |.  74 11       JE SHORT WaGan.00410698
00410687  |.  837D DC 05 CMP DWORD PTR SS:[EBP-24],5
0041068B  |.  74 14       JE SHORT WaGan.004106A1
0041068D  |.  EB 1C       JMP SHORT WaGan.004106AB
0041068F  |>  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00410696  |.  EB 13       JMP SHORT WaGan.004106AB
00410698  |>  C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0041069F  |.  EB 0A       JMP SHORT WaGan.004106AB
004106A1  |>  B8 01000000 MOV EAX,1
004106A6  |.  E9 5D010000 JMP WaGan.00410808 结束重读

004106AB  |>  837D FC 06 CMP DWORD PTR SS:[EBP-4],6
004106AF  |.  75 06       JNZ SHORT WaGan.004106B7
004106B1  |.  837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004106B5  |.  74 0F       JE SHORT WaGan.004106C6
004106B7  |>  837D FC 01 CMP DWORD PTR SS:[EBP-4],1
004106BB  |.  74 09       JE SHORT WaGan.004106C6
004106BD  |.  C745 D8 00000>MOV DWORD PTR SS:[EBP-28],0
004106C4  |.  EB 07       JMP SHORT WaGan.004106CD
004106C6  |>  C745 D8 01000>MOV DWORD PTR SS:[EBP-28],1
004106CD  |>  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
004106D0  |.  83C1 01    ADD ECX,1
004106D3  |.  51          PUSH ECX                               ; /Arg2
004106D4  |.  8B55 D8    MOV EDX,DWORD PTR SS:[EBP-28]          ; |
004106D7  |.  52          PUSH EDX                               ; |Arg1
004106D8  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]          ; |
004106DB  |.  E8 6E010000 CALL WaGan.0041084E                   ; \WaGan.0041084E
004106E0  |.  8945 D4    MOV DWORD PTR SS:[EBP-2C],EAX
004106E3  |.  837D D4 05 CMP DWORD PTR SS:[EBP-2C],5
004106E7  |.  77 3E       JA SHORT WaGan.00410727
004106E9  |.  8B45 D4    MOV EAX,DWORD PTR SS:[EBP-2C]
004106EC  |.  FF2485 360841>JMP DWORD PTR DS:[EAX*4+410836]
004106F3  |>  EB 3C       JMP SHORT WaGan.00410731
004106F5  |>  B8 01000000 MOV EAX,1
004106FA  |.  E9 09010000 JMP WaGan.00410808
004106FF  |>  B8 02000000 MOV EAX,2
00410704  |.  E9 FF000000 JMP WaGan.00410808
00410709  |>  B8 03000000 MOV EAX,3
0041070E  |.  E9 F5000000 JMP WaGan.00410808
00410713  |>  B8 04000000 MOV EAX,4
00410718  |.  E9 EB000000 JMP WaGan.00410808
0041071D  |>  B8 05000000 MOV EAX,5
00410722  |.  E9 E1000000 JMP WaGan.00410808
00410727  |>  B8 01000000 MOV EAX,1
0041072C  |.  E9 D7000000 JMP WaGan.00410808
00410731  |>  EB 30       JMP SHORT WaGan.00410763

00410733  |>  C745 EC 01000>MOV DWORD PTR SS:[EBP-14],1
0041073A  |.  EB 27       JMP SHORT WaGan.00410763

0041073C  |>  B8 01000000 MOV EAX,1
00410741  |.  E9 C2000000 JMP WaGan.00410808    出错，重新来过

00410746  |>  B8 05000000 MOV EAX,5
0041074B  |.  E9 B8000000 JMP WaGan.00410808    08返回的处理

00410750  |>  C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
00410757  |.  EB 0A       JMP SHORT WaGan.00410763 09的返回处理

00410759  |>  B8 01000000 MOV EAX,1                else的处理
0041075E  |.  E9 A5000000 JMP WaGan.00410808

测试指令
00410763  |>  837D FC 03 CMP DWORD PTR SS:[EBP-4],3
00410767  |.^ 0F85 81FEFFFF JNZ WaGan.004105EE
0041076D  |.  837D EC 00 CMP DWORD PTR SS:[EBP-14],0
00410771  |.  75 13       JNZ SHORT WaGan.00410786
00410773  |.  837D 08 00 CMP DWORD PTR SS:[EBP+8],0
00410777  |.  75 4E       JNZ SHORT WaGan.004107C7
00410779  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
0041077C  |.  E8 0F020000 CALL WaGan.00410990
00410781  |.  83F8 01    CMP EAX,1
00410784  |.  75 41       JNZ SHORT WaGan.004107C7
00410786  |>  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
00410789  |.  8B51 04    MOV EDX,DWORD PTR DS:[ECX+4]
0041078C  |.  83C2 01    ADD EDX,1
0041078F  |.  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
00410792  |.  8950 04    MOV DWORD PTR DS:[EAX+4],EDX
00410795  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
00410798  |.  C741 08 00000>MOV DWORD PTR DS:[ECX+8],0
0041079F  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
004107A2  |.  E8 E0F4FFFF CALL WaGan.0040FC87
004107A7  |.  8B55 E4    MOV EDX,DWORD PTR SS:[EBP-1C]
004107AA  |.  3942 04    CMP DWORD PTR DS:[EDX+4],EAX
004107AD  |.  7C 11       JL SHORT WaGan.004107C0
004107AF  |.  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
004107B2  |.  C740 28 00000>MOV DWORD PTR DS:[EAX+28],0
004107B9  |.  B8 04000000 MOV EAX,4
004107BE  |.  EB 48       JMP SHORT WaGan.00410808
004107C0  |>  B8 03000000 MOV EAX,3
004107C5  |.  EB 41       JMP SHORT WaGan.00410808
004107C7  |>  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
004107CA  |.  E8 B8F4FFFF CALL WaGan.0040FC87
004107CF  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
004107D2  |.  3941 04    CMP DWORD PTR DS:[ECX+4],EAX
004107D5  |.  7C 11       JL SHORT WaGan.004107E8
004107D7  |.  8B55 E4    MOV EDX,DWORD PTR SS:[EBP-1C]
004107DA  |.  C742 28 00000>MOV DWORD PTR DS:[EDX+28],0
004107E1  |.  B8 04000000 MOV EAX,4
004107E6  |.  EB 20       JMP SHORT WaGan.00410808
004107E8  |>  837D F4 00 CMP DWORD PTR SS:[EBP-C],0
004107EC  |.  74 11       JE SHORT WaGan.004107FF
004107EE  |.  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
004107F1  |.  C740 28 00000>MOV DWORD PTR DS:[EAX+28],0
004107F8  |.  B8 04000000 MOV EAX,4
004107FD  |.  EB 09       JMP SHORT WaGan.00410808
004107FF  |>  33C0       XOR EAX,EAX
00410801  |.  EB 05       JMP SHORT WaGan.00410808
00410803  |>^ E9 A3FEFFFF JMP WaGan.004106AB
00410808  |>  8BE5       MOV ESP,EBP
0041080A  |.  5D          POP EBP
0041080B  \.  C2 0400    RETN 4
00410836 .  F3064100    DD WaGan.004106F3                      ;  分支表被用于 004106EC
0041083A .  F5064100    DD WaGan.004106F5
0041083E .  FF064100    DD WaGan.004106FF
00410842 .  09074100    DD WaGan.00410709
00410846 .  13074100    DD WaGan.00410713
0041084A .  1D074100    DD WaGan.0041071D

004100A1  /$  55          PUSH EBP
004100A2  |.  8BEC       MOV EBP,ESP
004100A4  |.  6A FF       PUSH -1
004100A6  |.  68 C9504800 PUSH WaGan.004850C9                   ;  SE 处理程序安装
004100AB  |.  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
004100B1  |.  50          PUSH EAX
004100B2  |.  64:8925 00000>MOV DWORD PTR FS:[0],ESP
004100B9  |.  83EC 34    SUB ESP,34
004100BC  |.  894D C0    MOV DWORD PTR SS:[EBP-40],ECX
004100BF  |.  8B45 C0    MOV EAX,DWORD PTR SS:[EBP-40]
004100C2  |.  33C9       XOR ECX,ECX
004100C4  |.  66:8B48 10 MOV CX,WORD PTR DS:[EAX+10]
004100C8  |.  81F9 FFFF0000 CMP ECX,0FFFF
004100CE  |.  74 29       JE SHORT WaGan.004100F9
004100D0  |.  8B55 C0    MOV EDX,DWORD PTR SS:[EBP-40]
004100D3  |.  8B02       MOV EAX,DWORD PTR DS:[EDX]
004100D5  |.  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]
004100D8  |.  FF50 0C    CALL DWORD PTR DS:[EAX+C]
004100DB  |.  85C0       TEST EAX,EAX
004100DD  |.  74 07       JE SHORT WaGan.004100E6
004100DF  |.  33C0       XOR EAX,EAX
004100E1  |.  E9 48010000 JMP WaGan.0041022E
004100E6  |>  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]
004100E9  |.  66:C741 10 FF>MOV WORD PTR DS:[ECX+10],0FFFF
004100EF  |.  B8 01000000 MOV EAX,1
004100F4  |.  E9 35010000 JMP WaGan.0041022E
004100F9  |>  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]
004100FC  |.  E8 4F080000 CALL WaGan.00410950
00410101  |.  85C0       TEST EAX,EAX
00410103  |.  75 07       JNZ SHORT WaGan.0041010C
00410105  |.  33C0       XOR EAX,EAX
00410107  |.  E9 22010000 JMP WaGan.0041022E
0041010C  |>  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]
0041010F  |.  E8 5C080000 CALL WaGan.00410970
00410114  |.  85C0       TEST EAX,EAX
00410116  |.  74 07       JE SHORT WaGan.0041011F
00410118  |.  33C0       XOR EAX,EAX
0041011A  |.  E9 0F010000 JMP WaGan.0041022E
0041011F  |>  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]
00410122  |.  E8 51FAFFFF CALL WaGan.0040FB78
00410127  |.  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]
0041012A  |.  E8 B3FBFFFF CALL WaGan.0040FCE2
0041012F  |.  25 FFFF0000 AND EAX,0FFFF
00410134  |.  8B55 C0    MOV EDX,DWORD PTR SS:[EBP-40]
00410137  |.  8942 24    MOV DWORD PTR DS:[EDX+24],EAX
0041013A  |.  8D4D E0    LEA ECX,DWORD PTR SS:[EBP-20]
0041013D  |.  E8 CE070000 CALL WaGan.00410910
00410142  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00410149  |.  C745 DC 00000>MOV DWORD PTR SS:[EBP-24],0
00410150  |.  EB 09       JMP SHORT WaGan.0041015B
00410152  |>  8B45 DC    /MOV EAX,DWORD PTR SS:[EBP-24]
00410155  |.  83C0 01    |ADD EAX,1
00410158  |.  8945 DC    |MOV DWORD PTR SS:[EBP-24],EAX
0041015B  |>  8B4D C0       MOV ECX,DWORD PTR SS:[EBP-40]
0041015E  |.  8B55 DC    |MOV EDX,DWORD PTR SS:[EBP-24]
00410161  |.  3B51 24    |CMP EDX,DWORD PTR DS:[ECX+24]
00410164  |.  7D 7C       |JGE SHORT WaGan.004101E2
00410166  |.  8B45 DC    |MOV EAX,DWORD PTR SS:[EBP-24]
00410169  |.  50          |PUSH EAX                               ; /Arg1
0041016A  |.  8B4D C0    |MOV ECX,DWORD PTR SS:[EBP-40]          ; |
0041016D  |.  E8 37FAFFFF |CALL WaGan.0040FBA9                   ; \WaGan.0040FBA9
00410172  |.  8B4D C0    |MOV ECX,DWORD PTR SS:[EBP-40]
00410175  |.  8379 34 00 |CMP DWORD PTR DS:[ECX+34],0
00410179  |.  74 0C       |JE SHORT WaGan.00410187
0041017B  |.  8B4D C0    |MOV ECX,DWORD PTR SS:[EBP-40]
0041017E  |.  E8 5FFBFFFF |CALL WaGan.0040FCE2
00410183  |.  66:8945 D8 |MOV WORD PTR SS:[EBP-28],AX
00410187  |>  8B4D C0    |MOV ECX,DWORD PTR SS:[EBP-40]
0041018A  |.  E8 53FBFFFF |CALL WaGan.0040FCE2
0041018F  |.  66:8945 D0 |MOV WORD PTR SS:[EBP-30],AX
00410193  |.  C745 D4 01000>|MOV DWORD PTR SS:[EBP-2C],1

0041019A  |>  8B55 C0    |/MOV EDX,DWORD PTR SS:[EBP-40]
0041019D  |.  8B02       ||MOV EAX,DWORD PTR DS:[EDX]
0041019F  |.  8B4D C0    ||MOV ECX,DWORD PTR SS:[EBP-40]
004101A2  |.  FF50 08    ||CALL DWORD PTR DS:[EAX+8]    这里调用解析剧本指令
004101A5  |.  8945 CC    ||MOV DWORD PTR SS:[EBP-34],EAX
004101A8  |.  837D CC 01 ||CMP DWORD PTR SS:[EBP-34],1 返回1
004101AC  |.  74 06       ||JE SHORT WaGan.004101B4
004101AE  |.  837D CC 00 ||CMP DWORD PTR SS:[EBP-34],0  返回0
004101B2  |.  75 11       ||JNZ SHORT WaGan.004101C5
004101B4  |>  33C9       ||XOR ECX,ECX 0或者1都到这里
004101B6  |.  837D CC 01 ||CMP DWORD PTR SS:[EBP-34],1
004101BA  |.  0F94C1       ||SETE CL
004101BD  |.  8B55 D4    ||MOV EDX,DWORD PTR SS:[EBP-2C]
004101C0  |.  23D1       ||AND EDX,ECX
004101C2  |.  8955 D4    ||MOV DWORD PTR SS:[EBP-2C],EDX
004101C5  |>  837D CC 03 ||CMP DWORD PTR SS:[EBP-34],3
004101C9  |.^ 75 CF       |\JNZ SHORT WaGan.0041019A 这里是非3的处理

004101CB  |.  837D D4 00 |CMP DWORD PTR SS:[EBP-2C],0
004101CF  |.  74 0C       |JE SHORT WaGan.004101DD
004101D1  |.  8D45 E0    |LEA EAX,DWORD PTR SS:[EBP-20]
004101D4  |.  50          |PUSH EAX                               ; /Arg1
004101D5  |.  8B4D C0    |MOV ECX,DWORD PTR SS:[EBP-40]          ; |
004101D8  |.  E8 89FAFFFF |CALL WaGan.0040FC66                   ; \WaGan.0040FC66
004101DD  |>^ E9 70FFFFFF \JMP WaGan.00410152

004101E2  |>  837D E0 00 CMP DWORD PTR SS:[EBP-20],0
004101E6  |.  7C 2D       JL SHORT WaGan.00410215
004101E8  |.  837D E4 00 CMP DWORD PTR SS:[EBP-1C],0
004101EC  |.  7C 27       JL SHORT WaGan.00410215
004101EE  |.  8D4D E0    LEA ECX,DWORD PTR SS:[EBP-20]
004101F1  |.  51          PUSH ECX                               ; /Arg1
004101F2  |.  8B4D C0    MOV ECX,DWORD PTR SS:[EBP-40]          ; |
004101F5  |.  E8 20FAFFFF CALL WaGan.0040FC1A                   ; \WaGan.0040FC1A
004101FA  |.  C745 C8 01000>MOV DWORD PTR SS:[EBP-38],1
00410201  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00410208  |.  8D4D E0    LEA ECX,DWORD PTR SS:[EBP-20]
0041020B  |.  E8 00B30100 CALL WaGan.0042B510
00410210  |.  8B45 C8    MOV EAX,DWORD PTR SS:[EBP-38]
00410213  |.  EB 19       JMP SHORT WaGan.0041022E
00410215  |>  C745 C4 00000>MOV DWORD PTR SS:[EBP-3C],0
0041021C  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00410223  |.  8D4D E0    LEA ECX,DWORD PTR SS:[EBP-20]
00410226  |.  E8 E5B20100 CALL WaGan.0042B510
0041022B  |.  8B45 C4    MOV EAX,DWORD PTR SS:[EBP-3C]
0041022E  |>  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
00410231  |.  64:890D 00000>MOV DWORD PTR FS:[0],ECX
00410238  |.  8BE5       MOV ESP,EBP
0041023A  |.  5D          POP EBP
0041023B  \.  C3          RETN

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#35

发表于 2007-12-30 21:29 资料个人空间短消息只看该作者

剧本参数解析函数

参数：
Ecx：
08栈：
局部变量：
-4
-8
-C
-10
-14
-18
004183F7  /$  55          PUSH EBP
004183F8  |.  8BEC       MOV EBP,ESP
004183FA  |.  83EC 18    SUB ESP,18
004183FD  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
00418400  |.  837D 08 01 CMP DWORD PTR SS:[EBP+8],1
00418404  |.  75 12       JNZ SHORT WaGan.00418418
00418406  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
00418409  |.  E8 D478FFFF CALL WaGan.0040FCE2
0041840E  |.  25 FFFF0000 AND EAX,0FFFF
00418413  |.  E9 94000000 JMP WaGan.004184AC 结束

00418418  |>  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0041841F  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
00418422  |.  E8 BB78FFFF CALL WaGan.0040FCE2 这个是读剧本内容
00418427  |.  25 FFFF0000 AND EAX,0FFFF
0041842C  |.  3B45 08    CMP EAX,DWORD PTR SS:[EBP+8]
0041842F  |.  74 07       JE SHORT WaGan.00418438
00418431  |.  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1 有错误

00418438  |>  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0041843B  |.  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
0041843E  |.  837D F4 04 CMP DWORD PTR SS:[EBP-C],4 数字，四字节
00418442  |.  74 08       JE SHORT WaGan.0041844C
00418444  |.  837D F4 05 CMP DWORD PTR SS:[EBP-C],5 字符传
00418448  |.  74 21       JE SHORT WaGan.0041846B
0041844A  |.  EB 3E       JMP SHORT WaGan.0041848A

数字参数四字节处理
0041844C  |>  837D FC 00 CMP DWORD PTR SS:[EBP-4],0
00418450  |.  74 09       JE SHORT WaGan.0041845B
00418452  |.  C745 F0 00000>MOV DWORD PTR SS:[EBP-10],80000000
00418459  |.  EB 0B       JMP SHORT WaGan.00418466
0041845B  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041845E  |.  E8 B778FFFF CALL WaGan.0040FD1A
00418463  |.  8945 F0    MOV DWORD PTR SS:[EBP-10],EAX
00418466  |>  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
00418469  |.  EB 41       JMP SHORT WaGan.004184AC

字符串处理
0041846B  |>  837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0041846F  |.  74 09       JE SHORT WaGan.0041847A
00418471  |.  C745 EC 00000>MOV DWORD PTR SS:[EBP-14],80000000
00418478  |.  EB 0B       JMP SHORT WaGan.00418485
0041847A  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041847D  |.  E8 C878FFFF CALL WaGan.0040FD4A
00418482  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX
00418485  |>  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
00418488  |.  EB 22       JMP SHORT WaGan.004184AC

普通参数处理
0041848A  |>  837D FC 00 CMP DWORD PTR SS:[EBP-4],0
0041848E  |.  74 08       JE SHORT WaGan.00418498
00418490  |.  66:C745 E8 00>MOV WORD PTR SS:[EBP-18],8000
00418496  |.  EB 0C       JMP SHORT WaGan.004184A4
00418498  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041849B  |.  E8 4278FFFF CALL WaGan.0040FCE2
004184A0  |.  66:8945 E8 MOV WORD PTR SS:[EBP-18],AX
004184A4  |>  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
004184A7  |.  25 FFFF0000 AND EAX,0FFFF
004184AC  |>  8BE5       MOV ESP,EBP
004184AE  |.  5D          POP EBP
004184AF  \.  C2 0400    RETN 4

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#36

发表于 2007-12-30 21:29 资料个人空间短消息只看该作者

各个特效代码位置

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#37

发表于 2007-12-30 21:31 资料个人空间短消息只看该作者

反击函数

0040639A  /$  55          PUSH EBP
0040639B  |.  8BEC       MOV EBP,ESP
0040639D  |.  83EC 10    SUB ESP,10
004063A0  |.  56          PUSH ESI
004063A1  |.  894D F0    MOV DWORD PTR SS:[EBP-10],ECX
004063A4  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004063A7  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
004063AA  |.  8A51 10    MOV DL,BYTE PTR DS:[ECX+10]
004063AD  |.  8850 01    MOV BYTE PTR DS:[EAX+1],DL
004063B0  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004063B3  |.  33C9       XOR ECX,ECX
004063B5  |.  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]
004063B8  |.  6BC9 24    IMUL ECX,ECX,24
004063BB  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
004063C1  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
004063C4  |.  833D 042E4900>CMP DWORD PTR DS:[492E04],1
004063CB  |.  77 27       JA SHORT WaGan.004063F4
004063CD  |.  833D 042E4900>CMP DWORD PTR DS:[492E04],0
004063D4  |.  76 2D       JBE SHORT WaGan.00406403
004063D6  |.  6A 28       PUSH 28                                  无反攻击
004063D8  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004063DB  |.  E8 90920500 CALL WaGan.0045F670
004063E0  |.  8BC8       MOV ECX,EAX                            ; |
004063E2  |.  6BC9 48    IMUL ECX,ECX,48                         ; |
004063E5  |.  81C1 0000D600 ADD ECX,0D60000                         ; |
004063EB  |.  E8 19160000 CALL WaGan.00407A09                   ; \WaGan.00407A09       判断是否攻击者带无反攻击
004063F0  |.  85C0       TEST EAX,EAX
004063F2  |.  75 0F       JNZ SHORT WaGan.00406403
004063F4  |>  C705 042E4900>MOV DWORD PTR DS:[492E04],0
004063FE  |.  E9 E9000000 JMP WaGan.004064EC
00406403  |>  C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0040640A  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0040640D  |.  E8 4ECFFFFF CALL WaGan.00403360                   获取武将ecx的坐标位置(纵横)
00406412  |.  50          PUSH EAX                               ; /Arg1
00406413  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00406416  |.  81C1 25040000 ADD ECX,425                            ; |
0040641C  |.  E8 7F010000 CALL WaGan.004065A0                   ; \WaGan.004065A0
00406421  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00406424  |.  E8 95940300 CALL WaGan.0043F8BE                         获取武将ecx的攻击范围(宝物覆盖兵种)
00406429  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
0040642C  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
0040642F  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
00406431  |.  A2 282C4B00 MOV BYTE PTR DS:[4B2C28],AL
00406436  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00406439  |.  E8 52C80600 CALL WaGan.00472C90                      返回武将ecx的当前体力
0040643E  |.  85C0       TEST EAX,EAX
00406440  |.  75 09       JNZ SHORT WaGan.0040644B
00406442  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406449  |.  EB 64       JMP SHORT WaGan.004064AF
0040644B  |>  6A 08       PUSH 8                                  ; /Arg1 = 00000008
0040644D  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00406450  |.  E8 8B020000 CALL WaGan.004066E0                   ; \WaGan.004066E0       判断是否混乱
00406455  |.  85C0       TEST EAX,EAX
00406457  |.  74 09       JE SHORT WaGan.00406462
00406459  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406460  |.  EB 4D       JMP SHORT WaGan.004064AF
00406462  |>  6A 2C       PUSH 2C                               ; /Arg1 = 0000002C
00406464  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00406467  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]          ; |
0040646A  |.  E8 9A150000 CALL WaGan.00407A09                   ; \WaGan.00407A09
0040646F  |.  85C0       TEST EAX,EAX
00406471  |.  74 09       JE SHORT WaGan.0040647C
00406473  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0040647A  |.  EB 33       JMP SHORT WaGan.004064AF
0040647C  |>  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
0040647F  |.  33C0       XOR EAX,EAX
00406481  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
00406483  |.  8BF0       MOV ESI,EAX
00406485  |.  6A 00       PUSH 0                                  ; /Arg4 = 00000000
00406487  |.  6A 00       PUSH 0                                  ; |Arg3 = 00000000
00406489  |.  8A4D F4    MOV CL,BYTE PTR SS:[EBP-C]             ; |
0040648C  |.  51          PUSH ECX                               ; |Arg2
0040648D  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]          ; |
00406490  |.  81C2 25040000 ADD EDX,425                            ; |
00406496  |.  52          PUSH EDX                               ; |Arg1
00406497  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0040649A  |.  E8 E7000300 CALL WaGan.00436586                   ; \WaGan.00436586
0040649F  |.  25 FF000000 AND EAX,0FF
004064A4  |.  3BF0       CMP ESI,EAX
004064A6  |.  74 07       JE SHORT WaGan.004064AF
004064A8  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
004064AF  |>  837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004064B3  |.  74 37       JE SHORT WaGan.004064EC
004064B5  |.  A1 042E4900 MOV EAX,DWORD PTR DS:[492E04]
004064BA  |.  83C0 01    ADD EAX,1
004064BD  |.  A3 042E4900 MOV DWORD PTR DS:[492E04],EAX
004064C2  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
004064C5  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
004064C7  |.  52          PUSH EDX                               ; /Arg2
004064C8  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]          ; |
004064CB  |.  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]             ; |
004064CE  |.  51          PUSH ECX                               ; |Arg1
004064CF  |.  E8 55F30200 CALL WaGan.00435829                   ; \WaGan.00435829
004064D4  |.  83C4 08    ADD ESP,8
004064D7  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
004064DA  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
004064DC  |.  50          PUSH EAX                               ; /Arg2
004064DD  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
004064E0  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]             ; |
004064E3  |.  52          PUSH EDX                               ; |Arg1
004064E4  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
004064E7  |.  E8 05000000 CALL WaGan.004064F1                   ; \WaGan.004064F1
004064EC  |>  5E          POP ESI
004064ED  |.  8BE5       MOV ESP,EBP
004064EF  |.  5D          POP EBP
004064F0  \.  C3          RETN

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#38

发表于 2007-12-30 21:31 资料个人空间短消息只看该作者

反击代码

0040639A  /$  55          PUSH EBP
0040639B  |.  8BEC       MOV EBP,ESP
0040639D  |.  83EC 10    SUB ESP,10
004063A0  |.  56          PUSH ESI
004063A1  |.  894D F0    MOV DWORD PTR SS:[EBP-10],ECX
004063A4  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004063A7  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
004063AA  |.  8A51 10    MOV DL,BYTE PTR DS:[ECX+10]
004063AD  |.  8850 01    MOV BYTE PTR DS:[EAX+1],DL
004063B0  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004063B3  |.  33C9       XOR ECX,ECX                            ;  雪芸.004927F0
004063B5  |.  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]
004063B8  |.  6BC9 24    IMUL ECX,ECX,24
004063BB  |.  81C1 502C4B00 ADD ECX,雪芸.004B2C50
004063C1  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
004063C4  |.  833D 042E4900>CMP DWORD PTR DS:[492E04],1
004063CB  |.  77 27       JA SHORT 雪芸.004063F4
004063CD  |.  833D 042E4900>CMP DWORD PTR DS:[492E04],0
004063D4  |.  76 2D       JBE SHORT 雪芸.00406403 //如果不是反击后反击判断，则不用28判断
004063D6  |.  6A 28       PUSH 28
004063D8  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004063DB  |.  E8 90920500 CALL 雪芸.0045F670
004063E0  |.  8BC8       MOV ECX,EAX                            ; |
004063E2  |.  6BC9 48    IMUL ECX,ECX,48                         ; |
004063E5  |.  81C1 681B4A00 ADD ECX,雪芸.004A1B68                   ; |
004063EB  |.  E8 19160000 CALL 雪芸.00407A09                      ; \雪芸.00407A09
004063F0  |.  85C0       TEST EAX,EAX
004063F2  |.  75 0F       JNZ SHORT 雪芸.00406403
004063F4  |>  C705 042E4900>MOV DWORD PTR DS:[492E04],0
004063FE  |.  E9 E9000000 JMP 雪芸.004064EC //不是反击后反击退出

00406403  |>  C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0040640A  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0040640D  |.  E8 4ECFFFFF CALL 雪芸.00403360

00406412  |.  50          PUSH EAX                               ; /Arg1
00406413  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00406416  |.  81C1 25040000 ADD ECX,425                            ; |
0040641C  |.  E8 7F010000 CALL 雪芸.004065A0                      ; \雪芸.004065A0

00406421  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00406424  |.  E8 95940300 CALL 雪芸.0043F8BE

00406429  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
0040642C  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
0040642F  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
00406431  |.  A2 282C4B00 MOV BYTE PTR DS:[4B2C28],AL
00406436  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00406439  |.  E8 52C80600 CALL 雪芸.00472C90 //返回当前ecx武将体力
0040643E  |.  85C0       TEST EAX,EAX
00406440  |.  75 09       JNZ SHORT 雪芸.0040644B
00406442  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406449  |.  EB 64       JMP SHORT 雪芸.004064AF

0040644B  |>  6A 08       PUSH 8                                  ; /Arg1 = 00000008
0040644D  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00406450  |.  E8 8B020000 CALL 雪芸.004066E0                      ; \雪芸.004066E0
00406455  |.  85C0       TEST EAX,EAX
00406457  |.  74 09       JE SHORT 雪芸.00406462
00406459  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406460  |.  EB 4D       JMP SHORT 雪芸.004064AF

00406462  |>  6A 2C       PUSH 2C                               ; /Arg1 = 0000002C
00406464  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00406467  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]          ; |
0040646A  |.  E8 9A150000 CALL 雪芸.00407A09                      ; \雪芸.00407A09 判断是不是无反击攻击
0040646F  |.  85C0       TEST EAX,EAX
00406471  |.  74 09       JE SHORT 雪芸.0040647C //不是的话，跳过，继续
00406473  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0040647A  |.  EB 33       JMP SHORT 雪芸.004064AF //是无反击攻击，直接退出

0040647C  |>  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
0040647F  |.  33C0       XOR EAX,EAX
00406481  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
00406483  |.  8BF0       MOV ESI,EAX
00406485  |.  6A 00       PUSH 0                                  ; /Arg4 = 00000000
00406487  |.  6A 00       PUSH 0                                  ; |Arg3 = 00000000
00406489  |.  8A4D F4    MOV CL,BYTE PTR SS:[EBP-C]             ; |
0040648C  |.  51          PUSH ECX                               ; |Arg2
0040648D  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]          ; |
00406490  |.  81C2 25040000 ADD EDX,425                            ; |
00406496  |.  52          PUSH EDX                               ; |Arg1
00406497  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0040649A  |.  E8 E7000300 CALL 雪芸.00436586                      ; \雪芸.00436586
0040649F  |.  25 FF000000 AND EAX,0FF
004064A4  |.  3BF0       CMP ESI,EAX
004064A6  |.  74 07       JE SHORT 雪芸.004064AF //如果攻击范围内有东西，

004064A8  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0 //继续/退出

004064AF  |>  837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004064B3  |.  74 37       JE SHORT 雪芸.004064EC //没有攻击退出

004064B5  |.  A1 042E4900 MOV EAX,DWORD PTR DS:[492E04]
004064BA  |.  83C0 01    ADD EAX,1
004064BD  |.  A3 042E4900 MOV DWORD PTR DS:[492E04],EAX
004064C2  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
004064C5  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
004064C7  |.  52          PUSH EDX                               ; /Arg2
004064C8  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]          ; |
004064CB  |.  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]             ; |
004064CE  |.  51          PUSH ECX                               ; |Arg1
004064CF  |.  E8 55F30200 CALL 雪芸.00435829                      ; \雪芸.00435829
004064D4  |.  83C4 08    ADD ESP,8
004064D7  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
004064DA  |.  8A02       MOV AL,BYTE PTR DS:[EDX]

004064DC  |.  50          PUSH EAX                               ; /Arg2
004064DD  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
004064E0  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]             ; |
004064E3  |.  52          PUSH EDX                               ; |Arg1
004064E4  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
004064E7  |.  E8 05000000 CALL 雪芸.004064F1                      ; \雪芸.004064F1 ///进行攻击
004064EC  |>  5E          POP ESI
004064ED  |.  8BE5       MOV ESP,EBP
004064EF  |.  5D          POP EBP
004064F0  \.  C3          RETN

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#39

发表于 2007-12-30 21:32 资料个人空间短消息只看该作者

各处对话框的调用

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#40

发表于 2007-12-30 21:33 资料个人空间短消息只看该作者

动画效果函数

参数1：人物Data序号  +8
参数2：物品Data序号 +C
参数3：速度 +10
参数4：最高位置 +14
参数5: 开始位置    +18
参数6：音乐第几首  +1C
参数7: 是否有音乐  +20 0表示没有
004D2B66 55             PUSH EBP
004D2B67 8BEC          MOV EBP,ESP
004D2B69 6A FF          PUSH -1
004D2B6B 68 C4564800    PUSH WaGan.004856C4                   ; 入口地址
004D2B70 64:A1 00000000  MOV EAX,DWORD PTR FS:[0]
004D2B76 50             PUSH EAX
004D2B77 64:8925 0000000>MOV DWORD PTR FS:[0],ESP
004D2B7E 81EC 300A0000 SUB ESP,0A30
004D2B84 898D C8F5FFFF MOV DWORD PTR SS:[EBP-A38],ECX
004D2B8A 8B45 08       MOV EAX,DWORD PTR SS:[EBP+8]
004D2B8D 8985 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EAX
004D2B93 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
004D2B99 E8 1207F3FF    CALL WaGan.004032B0
004D2B9E 8B8D ECFEFFFF MOV ECX,DWORD PTR SS:[EBP-114]
004D2BA4 6BC9 48       IMUL ECX,ECX,48
004D2BA7 81C1 0000D600 ADD ECX,0D60000
004D2BAD E8 2A4FFAFF    CALL WaGan.00477ADC
004D2BB2 8885 E8FEFFFF MOV BYTE PTR SS:[EBP-118],AL
004D2BB8 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118]
004D2BBE 81E1 FF000000 AND ECX,0FF
004D2BC4 6BC9 24       IMUL ECX,ECX,24
004D2BC7 81C1 502C4B00 ADD ECX,WaGan.004B2C50
004D2BCD E8 8E07F3FF    CALL WaGan.00403360
004D2BD2 66:8B00       MOV AX,WORD PTR DS:[EAX]
004D2BD5 50             PUSH EAX
004D2BD6 E8 A3CEF7FF    CALL WaGan.0044FA7E
004D2BDB 83C4 04       ADD ESP,4
004D2BDE 8985 CCF5FFFF MOV DWORD PTR SS:[EBP-A34],EAX
004D2BE4 8995 D0F5FFFF MOV DWORD PTR SS:[EBP-A30],EDX
004D2BEA 8B8D CCF5FFFF MOV ECX,DWORD PTR SS:[EBP-A34]
004D2BF0 898D E0FEFFFF MOV DWORD PTR SS:[EBP-120],ECX
004D2BF6 8B95 D0F5FFFF MOV EDX,DWORD PTR SS:[EBP-A30]
004D2BFC 8995 E4FEFFFF MOV DWORD PTR SS:[EBP-11C],EDX
004D2C02 8D85 E0F5FFFF LEA EAX,DWORD PTR SS:[EBP-A20]
004D2C08 50             PUSH EAX
004D2C09 6A 30          PUSH 30
004D2C0B 6A 30          PUSH 30
004D2C0D 8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C]
004D2C13 51             PUSH ECX
004D2C14 8B95 E0FEFFFF MOV EDX,DWORD PTR SS:[EBP-120]
004D2C1A 52             PUSH EDX
004D2C1B E8 31B6FAFF    CALL WaGan.0047E251
004D2C20 83C4 14       ADD ESP,14
004D2C23 68 F0BB4800    PUSH WaGan.0048BBF0                   ; ASCII "YOYO.WA"
004D2C28 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
004D2C2E E8 02CFF4FF    CALL WaGan.0041FB35
004D2C33 6A 04          PUSH 4
004D2C35 6A 00          PUSH 0
004D2C37 68 00690000    PUSH 6900
004D2C3C B9 C8E44A00    MOV ECX,WaGan.004AE4C8
004D2C41 E8 FACDFAFF    CALL WaGan.0047FA40                   ; ebp-4
004D2C46 50             PUSH EAX
004D2C47 8B45 0C       MOV EAX,DWORD PTR SS:[EBP+C]
004D2C4A 50             PUSH EAX
004D2C4B 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
004D2C51 E8 33D0F4FF    CALL WaGan.0041FC89
004D2C56 8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
004D2C5C E8 6466F4FF    CALL WaGan.004192C5
004D2C61 8B45 20       MOV EAX,DWORD PTR SS:[EBP+20]
004D2C64 85C0          TEST EAX,EAX
004D2C66 74 10          JE SHORT WaGan.004D2C78
004D2C68 6A 01          PUSH 1
004D2C6A 8B45 1C       MOV EAX,DWORD PTR SS:[EBP+1C]
004D2C6D 50             PUSH EAX
004D2C6E B9 B0694B00    MOV ECX,WaGan.004B69B0
004D2C73 E8 021AFAFF    CALL WaGan.0047467A
004D2C78 8B45 18       MOV EAX,DWORD PTR SS:[EBP+18]
004D2C7B 8985 DCF5FFFF MOV DWORD PTR SS:[EBP-A24],EAX
004D2C81 EB 0F          JMP SHORT WaGan.004D2C92
004D2C83 8B8D DCF5FFFF MOV ECX,DWORD PTR SS:[EBP-A24]
004D2C89 034D 10       ADD ECX,DWORD PTR SS:[EBP+10]
004D2C8C 898D DCF5FFFF MOV DWORD PTR SS:[EBP-A24],ECX
004D2C92 8B5D 14       MOV EBX,DWORD PTR SS:[EBP+14]
004D2C95 399D DCF5FFFF CMP DWORD PTR SS:[EBP-A24],EBX
004D2C9B 90             NOP
004D2C9C 73 7F          JNB SHORT WaGan.004D2D1D
004D2C9E E8 38B9F4FF    CALL WaGan.0041E5DB
004D2CA3 6A 04          PUSH 4
004D2CA5 8D95 E0F5FFFF LEA EDX,DWORD PTR SS:[EBP-A20]
004D2CAB 52             PUSH EDX
004D2CAC 6A 30          PUSH 30
004D2CAE 6A 30          PUSH 30
004D2CB0 8B85 E4FEFFFF MOV EAX,DWORD PTR SS:[EBP-11C]
004D2CB6 50             PUSH EAX
004D2CB7 8B8D E0FEFFFF MOV ECX,DWORD PTR SS:[EBP-120]
004D2CBD 51             PUSH ECX
004D2CBE E8 50ECF7FF    CALL WaGan.00451913
004D2CC3 83C4 18       ADD ESP,18
004D2CC6 6A 04          PUSH 4
004D2CC8 6A 04          PUSH 4
004D2CCA 6A 00          PUSH 0
004D2CCC 68 00690000    PUSH 6900
004D2CD1 B9 C8E44A00    MOV ECX,WaGan.004AE4C8
004D2CD6 E8 65CDFAFF    CALL WaGan.0047FA40
004D2CDB 50             PUSH EAX
004D2CDC 6A 20          PUSH 20
004D2CDE 6A 20          PUSH 20
004D2CE0 8B95 E4FEFFFF MOV EDX,DWORD PTR SS:[EBP-11C]
004D2CE6 83C2 07       ADD EDX,7
004D2CE9 2B95 DCF5FFFF SUB EDX,DWORD PTR SS:[EBP-A24]
004D2CEF 52             PUSH EDX
004D2CF0 8B85 E0FEFFFF MOV EAX,DWORD PTR SS:[EBP-120]
004D2CF6 83C0 08       ADD EAX,8
004D2CF9 50             PUSH EAX
004D2CFA E8 14ECF7FF    CALL WaGan.00451913
004D2CFF 83C4 18       ADD ESP,18
004D2D02 6A 01          PUSH 1
004D2D04 B9 181B4B00    MOV ECX,WaGan.004B1B18
004D2D09 E8 3206F3FF    CALL WaGan.00403340
004D2D0E E8 CD97F5FF    CALL WaGan.0042C4E0
004D2D13 E8 DEB8F4FF    CALL WaGan.0041E5F6
004D2D18  ^ E9 66FFFFFF    JMP WaGan.004D2C83
004D2D1D 6A 05          PUSH 5
004D2D1F B9 181B4B00    MOV ECX,WaGan.004B1B18
004D2D24 E8 1706F3FF    CALL WaGan.00403340
004D2D29 E8 B297F5FF    CALL WaGan.0042C4E0
004D2D2E 8BE5          MOV ESP,EBP
004D2D30 5D             POP EBP
004D2D31 C2 1C00       RETN 1C

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#41

发表于 2007-12-30 21:33 资料个人空间短消息只看该作者

动画

Ecx:45991B
+18: 1
+14

ata序号
+10: 1表示要显示动作
+C:0--表示无经验
+8 :物品Data序号

0045991B  /$  55          PUSH EBP
0045991C  |.  8BEC       MOV EBP,ESP
0045991E  |.  6A FF       PUSH -1
00459920  |.  68 C4564800 PUSH WaGan.004856C4                   ;  SE 处理程序安装
00459925  |.  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0045992B  |.  50          PUSH EAX
0045992C  |.  64:8925 00000>MOV DWORD PTR FS:[0],ESP
00459933  |.  81EC 300A0000 SUB ESP,0A30

00459939  |.  898D C8F5FFFF MOV DWORD PTR SS:[EBP-A38],ECX
0045993F  |.  C785 ECFEFFFF>MOV DWORD PTR SS:[EBP-114],0FFFF
00459949  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0045994F  |.  E8 5C99FAFF CALL WaGan.004032B0
00459954  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0045995B  |.  837D 10 00 CMP DWORD PTR SS:[EBP+10],0 等于0表示无动作
0045995F  |.  0F84 AF020000 JE WaGan.00459C14 跳转等于结束
00459965  |.  817D 14 00020>CMP DWORD PTR SS:[EBP+14],200
0045996C  |.  0F83 B6000000 JNB WaGan.00459A28 Data人物大于512跳开
00459972  |.  C685 E8FEFFFF>MOV BYTE PTR SS:[EBP-118],0
00459979  |.  EB 0E       JMP SHORT WaGan.00459989

0045997B  |>  8A85 E8FEFFFF /MOV AL,BYTE PTR SS:[EBP-118]
00459981  |.  04 01       |ADD AL,1
00459983  |.  8885 E8FEFFFF |MOV BYTE PTR SS:[EBP-118],AL
00459989  |>  8B8D E8FEFFFF  MOV ECX,DWORD PTR SS:[EBP-118]
0045998F  |.  81E1 FF000000 |AND ECX,0FF
00459995  |.  83F9 73    |CMP ECX,73 比较前115个战场人物,非1战场人物的没有用
00459998  |.  0F8D 88000000 |JGE WaGan.00459A26
0045999E  |.  8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
004599A4  |.  81E1 FF000000 |AND ECX,0FF
004599AA  |.  6BC9 24    |IMUL ECX,ECX,24
004599AD  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599B3  |.  E8 B85C0000 |CALL WaGan.0045F670 获取武将ecx的data编号
004599B8  |.  3B45 14    |CMP EAX,DWORD PTR SS:[EBP+14]
004599BB  |.  75 64       |JNZ SHORT WaGan.00459A21             不相等，下个循环

004599BD  |.  8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118] -118是战场人物编号
004599C3  |.  81E1 FF000000 |AND ECX,0FF
004599C9  |.  6BC9 24    |IMUL ECX,ECX,24
004599CC  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599D2  |.  E8 B9F2FBFF |CALL WaGan.00418C90 取+C字节
004599D7  |.  25 FF000000 |AND EAX,0FF
004599DC  |.  83F8 02    |CMP EAX,2
004599DF  |.  75 40       |JNZ SHORT WaGan.00459A21 不等于2跳掉,等于2为出场，不等于为隐藏
004599E1  |.  8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
004599E7  |.  81E1 FF000000 |AND ECX,0FF
004599ED  |.  6BC9 24    |IMUL ECX,ECX,24
004599F0  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004599F6  |.  E8 95920100 |CALL WaGan.00472C90 返回武将ecx的当前体力
004599FB  |.  85C0       |TEST EAX,EAX
004599FD  |.  76 22       |JBE SHORT WaGan.00459A21
004599FF  |.  8B8D E8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-118]
00459A05  |.  81E1 FF000000 |AND ECX,0FF
00459A0B  |.  6BC9 24    |IMUL ECX,ECX,24
00459A0E  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00459A14  |.  E8 575C0000 |CALL WaGan.0045F670
00459A19  |.  8985 ECFEFFFF |MOV DWORD PTR SS:[EBP-114],EAX
00459A1F  |.  EB 05       |JMP SHORT WaGan.00459A26
00459A21  |>^ E9 55FFFFFF \JMP WaGan.0045997B
00459A26  |>  EB 3F       JMP SHORT WaGan.00459A67

00459A28  |>  817D 14 00040>CMP DWORD PTR SS:[EBP+14],400
00459A2F  |.  72 36       JB SHORT WaGan.00459A67 Data小于1024
00459A31  |.  817D 14 03040>CMP DWORD PTR SS:[EBP+14],403
00459A38  |.  77 2D       JA SHORT WaGan.00459A67
00459A3A  |.  817D 14 03040>CMP DWORD PTR SS:[EBP+14],403
00459A41  |.  75 13       JNZ SHORT WaGan.00459A56
00459A43  |.  8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38]
00459A49  |.  E8 A2C6FFFF CALL WaGan.004560F0
00459A4E  |.  8985 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EAX
00459A54  |.  EB 11       JMP SHORT WaGan.00459A67
00459A56  |>  8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38]
00459A5C  |.  E8 CAC5FFFF CALL WaGan.0045602B
00459A61  |.  8985 ECFEFFFF MOV DWORD PTR SS:[EBP-114],EAX

00459A67  |>  81BD ECFEFFFF>CMP DWORD PTR SS:[EBP-114],0FFFF
00459A71  |.  0F84 9D010000 JE WaGan.00459C14 结束

00459A77  |.  6A 00       PUSH 0                                  ; /Arg4 = 00000000
00459A79  |.  6A 00       PUSH 0                                  ; |Arg3 = 00000000
00459A7B  |.  6A 01       PUSH 1                                  ; |Arg2 = 00000001 举起武器
00459A7D  |.  8B95 ECFEFFFF MOV EDX,DWORD PTR SS:[EBP-114]          ; |
00459A83  |.  52          PUSH EDX                               ; |Arg1 人物Data
00459A84  |.  8B8D C8F5FFFF MOV ECX,DWORD PTR SS:[EBP-A38]          ; |
00459A8A  |.  E8 00DDFFFF CALL WaGan.0045778F                   ; \WaGan.0045778F

00459A8F  |.  8B8D ECFEFFFF MOV ECX,DWORD PTR SS:[EBP-114]
00459A95  |.  6BC9 48    IMUL ECX,ECX,48
00459A98  |.  81C1 0000D600 ADD ECX,0D60000
00459A9E  |.  E8 39E00100 CALL WaGan.00477ADC                   ;  获取战场形象编号
00459AA3  |.  8885 E8FEFFFF MOV BYTE PTR SS:[EBP-118],AL
00459AA9  |.  8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118]
00459AAF  |.  81E1 FF000000 AND ECX,0FF
00459AB5  |.  6BC9 24    IMUL ECX,ECX,24
00459AB8  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
00459ABE  |.  E8 9D98FAFF CALL WaGan.00403360 对Ecx+6

00459AC3  |.  66:8B00    MOV AX,WORD PTR DS:[EAX] 取坐标(纵横)
00459AC6  |.  50          PUSH EAX                               ; /Arg1
00459AC7  |.  E8 B25FFFFF CALL WaGan.0044FA7E                   ; \WaGan.0044FA7E
00459ACC  |.  83C4 04    ADD ESP,4
00459ACF  |.  8985 CCF5FFFF MOV DWORD PTR SS:[EBP-A34],EAX 120
00459AD5  |.  8995 D0F5FFFF MOV DWORD PTR SS:[EBP-A30],EDX F8

00459ADB  |.  8B8D CCF5FFFF MOV ECX,DWORD PTR SS:[EBP-A34]
00459AE1  |.  898D E0FEFFFF MOV DWORD PTR SS:[EBP-120],ECX

00459AE7  |.  8B95 D0F5FFFF MOV EDX,DWORD PTR SS:[EBP-A30]
00459AED  |.  8995 E4FEFFFF MOV DWORD PTR SS:[EBP-11C],EDX

00459AF3  |.  8D85 E0F5FFFF LEA EAX,DWORD PTR SS:[EBP-A20]
00459AF9  |.  50          PUSH EAX
00459AFA  |.  6A 30       PUSH 30
00459AFC  |.  6A 30       PUSH 30
00459AFE  |.  8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C]
00459B04  |.  51          PUSH ECX
00459B05  |.  8B95 E0FEFFFF MOV EDX,DWORD PTR SS:[EBP-120]
00459B0B  |.  52          PUSH EDX
00459B0C  |.  E8 40470200 CALL WaGan.0047E251
00459B11  |.  83C4 14    ADD ESP,14
00459B14  |.  68 F0BB4800 PUSH WaGan.0048BBF0                   ; /Arg1 = 0048BBF0 ASCII "Item.WA"
00459B19  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]          ; |
00459B1F  |.  E8 1160FCFF CALL WaGan.0041FB35                   ; \WaGan.0041FB35 打开Item.e5这个文件，句柄放-110
00459B24  |.  6A 04       PUSH 4                                  ; /Arg3 = 00000004
00459B26  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00459B28  |.  68 00690000 PUSH 6900                               ; |Arg1 = 00006900
00459B2D  |.  B9 C8E44A00 MOV ECX,WaGan.004AE4C8                ; |
00459B32  |.  E8 095F0200 CALL WaGan.0047FA40                   ; \WaGan.0047FA40
00459B37  |.  50          PUSH EAX                               ; /Arg2
00459B38  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]          ; |
00459B3B  |.  50          PUSH EAX                               ; |Arg1 物品Data号
00459B3C  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]          ; |
00459B42  |.  E8 4261FCFF CALL WaGan.0041FC89                   ; \WaGan.0041FC89 ？？？
00459B47  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
00459B4D  |.  E8 73F7FBFF CALL WaGan.004192C5 关闭Item.e5这个文件文件

00459B52  |.  6A 01       PUSH 1                                  ; /Arg2 = 00000001
00459B54  |.  6A 0E       PUSH 0E                               ; |Arg1 = 0000000E
00459B56  |.  B9 B0694B00 MOV ECX,WaGan.004B69B0                ; |
00459B5B  |.  E8 1AAB0100 CALL WaGan.0047467A                   ; \WaGan.0047467A
00459B60  |.  C785 DCF5FFFF>MOV DWORD PTR SS:[EBP-A24],0
画动画
00459B6A  |.  EB 0F       JMP SHORT WaGan.00459B7B
00459B6C  |>  8B8D DCF5FFFF /MOV ECX,DWORD PTR SS:[EBP-A24]
00459B72  |.  83C1 01    |ADD ECX,1
00459B75  |.  898D DCF5FFFF |MOV DWORD PTR SS:[EBP-A24],ECX
00459B7B  |>  83BD DCF5FFFF> CMP DWORD PTR SS:[EBP-A24],8
00459B82  |.  73 7F       |JNB SHORT WaGan.00459C03
00459B84  |.  E8 524AFCFF |CALL WaGan.0041E5DB
00459B89  |.  6A 04       |PUSH 4                               ; /Arg6 = 00000004
00459B8B  |.  8D95 E0F5FFFF |LEA EDX,DWORD PTR SS:[EBP-A20]       ; |
00459B91  |.  52          |PUSH EDX                               ; |Arg5
00459B92  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00459B94  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00459B96  |.  8B85 E4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-11C]       ; |
00459B9C  |.  50          |PUSH EAX                               ; |Arg2
00459B9D  |.  8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120]       ; |
00459BA3  |.  51          |PUSH ECX                               ; |Arg1
00459BA4  |.  E8 6A7DFFFF |CALL WaGan.00451913                   ; \WaGan.00451913
00459BA9  |.  83C4 18    |ADD ESP,18
00459BAC  |.  6A 04       |PUSH 4                               ; /Arg6 = 00000004
00459BAE  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00459BB0  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00459BB2  |.  68 00690000 |PUSH 6900                            ; ||Arg1 = 00006900
00459BB7  |.  B9 C8E44A00 |MOV ECX,WaGan.004AE4C8                ; ||
00459BBC  |.  E8 7F5E0200 |CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
00459BC1  |.  50          |PUSH EAX                               ; |Arg5
00459BC2  |.  6A 20       |PUSH 20                               ; |Arg4 = 00000020
00459BC4  |.  6A 20       |PUSH 20                               ; |Arg3 = 00000020
00459BC6  |.  8B95 E4FEFFFF |MOV EDX,DWORD PTR SS:[EBP-11C]       ; |
00459BCC  |.  83C2 07    |ADD EDX,7                            ; |
00459BCF  |.  2B95 DCF5FFFF |SUB EDX,DWORD PTR SS:[EBP-A24]       ; |
00459BD5  |.  52          |PUSH EDX                               ; |Arg2
00459BD6  |.  8B85 E0FEFFFF |MOV EAX,DWORD PTR SS:[EBP-120]       ; |
00459BDC  |.  83C0 08    |ADD EAX,8                            ; |
00459BDF  |.  50          |PUSH EAX                               ; |Arg1
00459BE0  |.  E8 2E7DFFFF |CALL WaGan.00451913                   ; \WaGan.00451913
00459BE5  |.  83C4 18    |ADD ESP,18
00459BE8  |.  6A 01       |PUSH 1                               ; /Arg1 = 00000001
00459BEA  |.  B9 181B4B00 |MOV ECX,WaGan.004B1B18                ; |
00459BEF  |.  E8 4C97FAFF |CALL WaGan.00403340                   ; \WaGan.00403340
00459BF4  |.  E8 E728FDFF |CALL WaGan.0042C4E0
00459BF9  |.  E8 F849FCFF |CALL WaGan.0041E5F6
00459BFE  |.^ E9 69FFFFFF \JMP WaGan.00459B6C

一段动画的代码
[EBP-A24]:控制循环的变量

00459B60  |.  C785 DCF5FFFF>MOV DWORD PTR SS:[EBP-A24],0
00459B6A  |.  EB 0F       JMP SHORT WaGan.00459B7B
00459B6C  |>  8B8D DCF5FFFF /MOV ECX,DWORD PTR SS:[EBP-A24]
00459B72  |.  83C1 01    |ADD ECX,1 递增
00459B75  |.  898D DCF5FFFF |MOV DWORD PTR SS:[EBP-A24],ECX
00459B7B  |>  83BD DCF5FFFF> CMP DWORD PTR SS:[EBP-A24],8
00459B82  |.  73 7F       |JNB SHORT WaGan.00459C03 不小于等于则转移，即大于8退出
00459B84  |.  E8 524AFCFF |CALL WaGan.0041E5DB
00459B89  |.  6A 04       |PUSH 4                               ; /Arg6 = 00000004
00459B8B  |.  8D95 E0F5FFFF |LEA EDX,DWORD PTR SS:[EBP-A20]       ; |
00459B91  |.  52          |PUSH EDX                               ; |Arg5
00459B92  |.  6A 30       |PUSH 30                               ; |Arg4 = 00000030
00459B94  |.  6A 30       |PUSH 30                               ; |Arg3 = 00000030
00459B96  |.  8B85 E4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-11C]       ; |
00459B9C  |.  50          |PUSH EAX                               ; |Arg2
00459B9D  |.  8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120]       ; |
00459BA3  |.  51          |PUSH ECX                               ; |Arg1
00459BA4  |.  E8 6A7DFFFF |CALL WaGan.00451913                   ; \WaGan.00451913
00459BA9  |.  83C4 18    |ADD ESP,18
00459BAC  |.  6A 04       |PUSH 4                               ; /Arg6 = 00000004
00459BAE  |.  6A 04       |PUSH 4                               ; |/Arg3 = 00000004
00459BB0  |.  6A 00       |PUSH 0                               ; ||Arg2 = 00000000
00459BB2  |.  68 00690000 |PUSH 6900                            ; ||Arg1 = 00006900
00459BB7  |.  B9 C8E44A00 |MOV ECX,WaGan.004AE4C8                ; ||
00459BBC  |.  E8 7F5E0200 |CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
00459BC1  |.  50          |PUSH EAX                               ; |Arg5
00459BC2  |.  6A 20       |PUSH 20                               ; |Arg4 = 00000020
00459BC4  |.  6A 20       |PUSH 20                               ; |Arg3 = 00000020
00459BC6  |.  8B95 E4FEFFFF |MOV EDX,DWORD PTR SS:[EBP-11C]       ; |
00459BCC  |.  83C2 07    |ADD EDX,7                            ; |
00459BCF  |.  2B95 DCF5FFFF |SUB EDX,DWORD PTR SS:[EBP-A24]       ; |
00459BD5  |.  52          |PUSH EDX                               ; |Arg2
00459BD6  |.  8B85 E0FEFFFF |MOV EAX,DWORD PTR SS:[EBP-120]       ; |
00459BDC  |.  83C0 08    |ADD EAX,8                            ; |
00459BDF  |.  50          |PUSH EAX                               ; |Arg1
00459BE0  |.  E8 2E7DFFFF |CALL WaGan.00451913                   ; \WaGan.00451913
00459BE5  |.  83C4 18    |ADD ESP,18
00459BE8  |.  6A 01       |PUSH 1                               ; /Arg1 = 00000001
00459BEA  |.  B9 181B4B00 |MOV ECX,WaGan.004B1B18                ; |
00459BEF  |.  E8 4C97FAFF |CALL WaGan.00403340                   ; \WaGan.00403340
00459BF4  |.  E8 E728FDFF |CALL WaGan.0042C4E0
00459BF9  |.  E8 F849FCFF |CALL WaGan.0041E5F6 绘图
00459BFE  |.^ E9 69FFFFFF \JMP WaGan.00459B6C
00459C03  |>  6A 05       PUSH 5                                  ; /Arg1 = 00000005
00459C03    6A 05       PUSH 5
00459C05    B9 181B4B00 MOV ECX,WaGan.004B1B18
00459C0A  |.  E8 3197FAFF CALL WaGan.00403340                   ; \WaGan.00403340
00459C0F  |.  E8 CC28FDFF CALL WaGan.0042C4E0

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#42

发表于 2007-12-30 21:34 资料个人空间短消息只看该作者

道具的使用

消息的响应：
0043E19F  |> \8B4D D4    |MOV ECX,DWORD PTR SS:[EBP-2C] ECX是被点击武将的Ecx值
0043E1A2  |.  E8 35FBFFFF |CALL 复件_Ekd.0043DCDC       道具使用的处理代码
0043E1A7  |.  EB 0A       |JMP SHORT 复件_Ekd.0043E1B3 返回判断

0043E116  |> /6A 02       /PUSH 2                               ; /Arg1 = 00000002
0043E118  |. |8B4D D4    |MOV ECX,DWORD PTR SS:[EBP-2C]          ; |
0043E11B  |. |E8 D079FEFF |CALL 复件_Ekd.00425AF0                   ; \复件_Ekd.00425AF0
0043E120  |. |85C0       |TEST EAX,EAX
0043E122  |. |0F85 90000000 |JNZ 复件_Ekd.0043E1B8

道具使用的处理代码
三个局部变量：
-4 值0xFF,没有什么用
-8 存放道具Data序号
-C 存放点击武将的Ecx
0043DCDC  /$  55          PUSH EBP
0043DCDD  |.  8BEC       MOV EBP,ESP
0043DCDF  |.  83EC 0C    SUB ESP,0C
0043DCE2  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
0043DCE5  |.  C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF

0043DCE9  |>  6A 02       /PUSH 2                               ; /Arg1 = 00000002
0043DCEB  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DCEE  |.  E8 FD7DFEFF |CALL 复件_Ekd.00425AF0                   ; \复件_Ekd.00425AF0 判断行动是否结束
0043DCF3  |.  85C0       |TEST EAX,EAX
0043DCF5  |.  75 30       |JNZ SHORT 复件_Ekd.0043DD27 行动结束
0043DCF7  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
0043DCFA  |.  50          |PUSH EAX                               ; /Arg1
0043DCFB  |.  E8 2B000000 |CALL 复件_Ekd.0043DD2B                   ; \复件_Ekd.0043DD2B 加载道具框列表
0043DD00  |.  83C4 04    |ADD ESP,4
0043DD03  |.  8845 F8    |MOV BYTE PTR SS:[EBP-8],AL 物品代号
0043DD06  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]
0043DD09  |.  81E1 FF000000 |AND ECX,0FF
0043DD0F  |.  81F9 FF000000 |CMP ECX,0FF
0043DD15  |.  75 02       |JNZ SHORT 复件_Ekd.0043DD19
0043DD17  |.  EB 0E       |JMP SHORT 复件_Ekd.0043DD27
0043DD19  |>  8A55 F8    |MOV DL,BYTE PTR SS:[EBP-8]
0043DD1C  |.  52          |PUSH EDX                               ; /Arg1
0043DD1D  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]          ; |
0043DD20  |.  E8 83000000 |CALL 复件_Ekd.0043DDA8                   ; \复件_Ekd.0043DDA8 道具使用
0043DD25  |.^ EB C2       \JMP SHORT 复件_Ekd.0043DCE9

0043DD27  |>  8BE5       MOV ESP,EBP
0043DD29  |.  5D          POP EBP
0043DD2A  \.  C3          RETN

道具使用代码:
参数：
08栈，物品Data序号
Ecx点击的武将Ecx值
局部变量两个:
-4 存放使用道具成功与否的返回值，0表示失败，1成功
-8 存放点击的武将Ecx值
0043DDA8  /$  55          PUSH EBP
0043DDA9  |.  8BEC       MOV EBP,ESP
0043DDAB  |.  83EC 08    SUB ESP,8
0043DDAE  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
0043DDB1  |.  6A 00       PUSH 0                                  ; /Arg4 = 00000000
0043DDB3  |.  6A 01       PUSH 1                                  ; |Arg3 = 00000001
0043DDB5  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]          ; |
0043DDB8  |.  8A48 04    MOV CL,BYTE PTR DS:[EAX+4]             ; |
0043DDBB  |.  51          PUSH ECX                               ; |Arg2
0043DDBC  |.  8A55 08    MOV DL,BYTE PTR SS:[EBP+8]             ; |
0043DDBF  |.  52          PUSH EDX                               ; |Arg1
0043DDC0  |.  B9 50774900 MOV ECX,复件_Ekd.00497750                ; |
0043DDC5  |.  E8 79FEFDFF CALL 复件_Ekd.0041DC43                   ; \复件_Ekd.0041DC43  道具使用函数
0043DDCA  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0043DDCD  |.  837D FC 00 CMP DWORD PTR SS:[EBP-4],0 0表示取消，1表示成功
0043DDD1  |.  74 0A       JE SHORT 复件_Ekd.0043DDDD
0043DDD3  |.  6A 06       PUSH 6                                  ; /Arg1 = 00000006
0043DDD5  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
0043DDD8  |.  E8 3B490000 CALL 复件_Ekd.00442718                   ; \复件_Ekd.00442718 设置武将为行动完毕
0043DDDD  |>  8BE5       MOV ESP,EBP
0043DDDF  |.  5D          POP EBP
0043DDE0  \.  C2 0400    RETN 4

道具使用函数:
参数5个:
Ecx：00497750
+8 === 道具Data序号
+C === 一个武将相关的Ecx值
+10 === 1
+14 ==0
局部变量两个:
-4  00497750
-8  存放道具的编号，合并了三种回复HP和两种回复MP的

0041DC43  /$  55          PUSH EBP
0041DC44  |.  8BEC       MOV EBP,ESP
0041DC46  |.  83EC 08    SUB ESP,8
0041DC49  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0041DC4C  |.  8A45 0C    MOV AL,BYTE PTR SS:[EBP+C]
0041DC4F  |.  50          PUSH EAX                      ; /Arg2
0041DC50  |.  8A4D 08    MOV CL,BYTE PTR SS:[EBP+8]    ; |
0041DC53  |.  51          PUSH ECX                      ; |Arg1 道Data序号
0041DC54  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]    ; |
0041DC57  |.  E8 60FFFFFF CALL 复件_Ekd.0041DBBC          ; \复件_Ekd.0041DBBC  对道具编号做处理，分类
0041DC5C  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0041DC5F  |.  33C0       XOR EAX,EAX
0041DC61  |.  8A42 01    MOV AL,BYTE PTR DS:[EDX+1]
0041DC64  |.  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
0041DC67  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041DC6A  |.  83E9 3F    SUB ECX,3F 区分消耗物品和辅助物品
0041DC6D  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
0041DC70  |.  837D F8 0D CMP DWORD PTR SS:[EBP-8],0D这里分了14种，其实原曹操传是17个消耗道具，但是三种恢复HP和两种回复MP
0041DC74  |.  77 50       JA SHORT 复件_Ekd.0041DCC6
0041DC76  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0041DC79  |.  33D2       XOR EDX,EDX
0041DC7B  |.  8A90 35DD4100 MOV DL,BYTE PTR DS:[EAX+41DD35]
0041DD35 .  00          DB 00 豆、米、桃回复HP 的道具;
0041DD36 .  01          DB 01 神秘水和杜康酒回复MP的道具
0041DD37 .  02          DB 02 止咳药、万能药等恢复状态类道具
0041DD38 .  02          DB 02
0041DD39 .  02          DB 02
0041DD3A .  02          DB 02
0041DD3B .  02          DB 02
0041DD3C .  03          DB 03 五果
0041DD3D .  03          DB 03
0041DD3E .  03          DB 03
0041DD3F .  03          DB 03
0041DD40 .  03          DB 03
0041DD41 .  04          DB 04 经验果
0041DD42 .  05          DB 05 印授

0041DC81  |.  FF2495 19DD41>JMP DWORD PTR DS:[EDX*4+41DD19]

恢复HP道具
0041DC88  |>  8B4D 10    MOV ECX,DWORD PTR SS:[EBP+10]
0041DC8B  |.  51          PUSH ECX                      ; /Arg1
0041DC8C  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]    ; |
0041DC8F  |.  E8 4BF0FFFF CALL 复件_Ekd.0041CCDF          ; \复件_Ekd.0041CCDF
0041DC94  |.  EB 30       JMP SHORT 复件_Ekd.0041DCC6

恢复MP道具
0041DC96  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041DC99  |.  E8 9FF1FFFF CALL 复件_Ekd.0041CE3D
0041DC9E  |.  EB 26       JMP SHORT 复件_Ekd.0041DCC6

恢复状态
0041DCA0  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041DCA3  |.  E8 B9F2FFFF CALL 复件_Ekd.0041CF61
0041DCA8  |.  EB 1C       JMP SHORT 复件_Ekd.0041DCC6

五果等加强状态
0041DCAA  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041DCAD  |.  E8 CEF3FFFF CALL 复件_Ekd.0041D080
0041DCB2  |.  EB 12       JMP SHORT 复件_Ekd.0041DCC6

经验果加等级
0041DCB4  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041DCB7  |.  E8 1DF7FFFF CALL 复件_Ekd.0041D3D9
0041DCBC  |.  EB 08       JMP SHORT 复件_Ekd.0041DCC6

印授兵种转职
0041DCBE  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041DCC1  |.  E8 15F8FFFF CALL 复件_Ekd.0041D4DB

最后的处理
0041DCC6  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0041DCC9  |.  837A 1C 00 CMP DWORD PTR DS:[EDX+1C],0
0041DCCD  |.  74 3E       JE SHORT 复件_Ekd.0041DD0D  退出，取消
0041DCCF  |.  837D 14 00 CMP DWORD PTR SS:[EBP+14],0
0041DCD3  |.  75 10       JNZ SHORT 复件_Ekd.0041DCE5
0041DCD5  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0041DCD8  |.  8A08       MOV CL,BYTE PTR DS:[EAX]
0041DCDA  |.  51          PUSH ECX                      ; /Arg1 物品Data序号，比如武力果是98
0041DCDB  |.  B9 70074B00 MOV ECX,复件_Ekd.004B0770       ; |
0041DCE0  |.  E8 70FCFEFF CALL 复件_Ekd.0040D955          ; \复件_Ekd.0040D955 对仓库的操作

0041DCE5  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0041DCE8  |.  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
0041DCEB  |.  E8 80190400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号,被使用道具的武将
0041DCF0  |.  50          PUSH EAX                      ; /Arg1
0041DCF1  |.  E8 0BBD0500 CALL 复件_Ekd.00479A01          ; \复件_Ekd.00479A01
0041DCF6  |.  83C4 04    ADD ESP,4

0041DCF9  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0041DCFC  |.  8B48 04    MOV ECX,DWORD PTR DS:[EAX+4]
0041DCFF  |.  E8 6C190400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号，使用道具的武将
0041DD04  |.  50          PUSH EAX                      ; /Arg1
0041DD05  |.  E8 F7BC0500 CALL 复件_Ekd.00479A01          ; \复件_Ekd.00479A01
0041DD0A  |.  83C4 04    ADD ESP,4

0041DD0D  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041DD10  |.  8B41 1C    MOV EAX,DWORD PTR DS:[ECX+1C]
0041DD13  |.  8BE5       MOV ESP,EBP
0041DD15  |.  5D          POP EBP
0041DD16  \.  C2 1000    RETN 10
0041D080  五果使用函数
[EBP-18]存放点到武将的Ecx，后面存放被点武将的Ecx
[EBP-4] FF
[EBP-8]
[EBP-C]存放的是人物能力的五围中的一围
[EBP-10]存放果子的效果,曹操传中是1
[EBP-14]存放人物部队攻防五围中的一围
0041D080  /$  55          PUSH EBP
0041D081  |.  8BEC       MOV EBP,ESP
0041D083  |.  83EC 20    SUB ESP,20
0041D086  |.  894D E8    MOV DWORD PTR SS:[EBP-18],ECX
0041D089  |.  C645 EC 00 MOV BYTE PTR SS:[EBP-14],0
0041D08D  |.  C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
0041D091  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
0041D094  |.  8B48 14    MOV ECX,DWORD PTR DS:[EAX+14]
0041D097  |.  E8 D40C0000 CALL 复件_Ekd.0041DD70 获取道具ecx的1级值，辅助则为特殊效果值
0041D09C  |.  25 FF000000 AND EAX,0FF
0041D0A1  |.  99          CDQ
0041D0A2  |.  2BC2       SUB EAX,EDX
0041D0A4  |.  D1F8       SAR EAX,1
0041D0A6  |.  8845 F0    MOV BYTE PTR SS:[EBP-10],AL
0041D0A9  |.  C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
0041D0AD  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0041D0B0  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
0041D0B2  |.  52          PUSH EDX                      ; /Arg4
0041D0B3  |.  6A 04       PUSH 4                         ; |Arg3 = 00000004
0041D0B5  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D0B8  |.  8A48 18    MOV CL,BYTE PTR DS:[EAX+18]    ; |
0041D0BB  |.  51          PUSH ECX                      ; |Arg2
0041D0BC  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D0BF  |.  8A42 02    MOV AL,BYTE PTR DS:[EDX+2]    ; |
0041D0C2  |.  50          PUSH EAX                      ; |Arg1
0041D0C3  |.  B9 50424B00 MOV ECX,复件_Ekd.004B4250       ; |
0041D0C8  |.  E8 70820300 CALL 复件_Ekd.0045533D          ; \复件_Ekd.0045533D
这个函数又是一个消息监听处理，等待属标点到攻击对象或者点右键取消
(call 453b13是显示攻击范围，call 4541A9是监听)
0041D0CD  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0041D0D0  |.  8841 03    MOV BYTE PTR DS:[ECX+3],AL
0041D0D3  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
0041D0D6  |.  33C0       XOR EAX,EAX
0041D0D8  |.  8A42 03    MOV AL,BYTE PTR DS:[EDX+3]
0041D0DB  |.  3D FF000000 CMP EAX,0FF Eax是战场编号
0041D0E0  |.  75 05       JNZ SHORT 复件_Ekd.0041D0E7
0041D0E2  |.  E9 C6020000 JMP 复件_Ekd.0041D3AD
0041D0E7  |>  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0041D0EA  |.  33D2       XOR EDX,EDX
0041D0EC  |.  8A51 03    MOV DL,BYTE PTR DS:[ECX+3]
0041D0EF  |.  6BD2 24    IMUL EDX,EDX,24
0041D0F2  |.  81C2 502C4B00 ADD EDX,复件_Ekd.004B2C50
0041D0F8  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
0041D0FB  |.  8950 08    MOV DWORD PTR DS:[EAX+8],EDX
0041D0FE  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0041D101  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8] Ecx是点击到的武将的Ecx值
0041D104  |.  E8 67250400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号
0041D109  |.  6BC0 48    IMUL EAX,EAX,48
0041D10C  |.  05 681B4A00 ADD EAX,复件_Ekd.004A1B68
0041D111  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
0041D114  |.  8942 10    MOV DWORD PTR DS:[EDX+10],EAX
0041D117  |.  6A 00       PUSH 0                         ; /Arg3 = 00000000
0041D119  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D11C  |.  8A48 03    MOV CL,BYTE PTR DS:[EAX+3]    ; |
0041D11F  |.  51          PUSH ECX                      ; |Arg2
0041D120  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D123  |.  8A02       MOV AL,BYTE PTR DS:[EDX]       ; |
0041D125  |.  50          PUSH EAX                      ; |Arg1
0041D126  |.  E8 BEF3FFFF CALL 复件_Ekd.0041C4E9          ; \复件_Ekd.0041C4E9
0041D12B  |.  83C4 0C    ADD ESP,0C
0041D12E  |.  85C0       TEST EAX,EAX
0041D130  |.  75 05       JNZ SHORT 复件_Ekd.0041D137
0041D132  |.  E9 76020000 JMP 复件_Ekd.0041D3AD

0041D137  |>  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0041D13A  |.  33D2       XOR EDX,EDX
0041D13C  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]
0041D13F  |.  8955 E4    MOV DWORD PTR SS:[EBP-1C],EDX
0041D142  |.  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
0041D145  |.  83E8 46    SUB EAX,46
0041D148  |.  8945 E4    MOV DWORD PTR SS:[EBP-1C],EAX
0041D14B  |.  837D E4 04 CMP DWORD PTR SS:[EBP-1C],4
0041D14F  |.  0F87 08010000 JA 复件_Ekd.0041D25D

0041D155  |.  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
0041D158  |.  FF248D B1D341>JMP DWORD PTR DS:[ECX*4+41D3B1]
0041D3B1 .  5FD14100    DD 复件_Ekd.0041D15F ; 武力果
0041D3B5 .  94D14100    DD 复件_Ekd.0041D194 智力果
0041D3B9 .  C9D14100    DD 复件_Ekd.0041D1C9 统御果
0041D3BD .  FBD14100    DD 复件_Ekd.0041D1FB  敏捷果
0041D3C1 .  2DD24100    DD 复件_Ekd.0041D22D  好运果
0041D15F  |>  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
0041D162  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10]
0041D165  |.  E8 060C0000 CALL 复件_Ekd.0041DD70 获取武将ecx的攻击力，不含装备加成效果  （ECX+11）攻击力
0041D16A  |.  8845 EC    MOV BYTE PTR SS:[EBP-14],AL
0041D16D  |.  6A 00       PUSH 0                         ; /Arg1 = 00000000
0041D16F  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D172  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D175  |.  E8 B60C0000 CALL 复件_Ekd.0041DE30          ; \复件_Ekd.0041DE30  获取ecx武将的武力
0041D17A  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
0041D17D  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0041D180  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]
0041D183  |.  E8 080E0000 CALL 复件_Ekd.0041DF90 获取武将ecx的攻击力状态
0041D188  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0041D18B  |.  C645 FC 22 MOV BYTE PTR SS:[EBP-4],22
0041D18F  |.  E9 C9000000 JMP 复件_Ekd.0041D25D

0041D194  |>  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
0041D197  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10]
0041D19A  |.  E8 510C0000 CALL 复件_Ekd.0041DDF0 获取武将ecx的精神力,不含装备加成效果 (ecx+15)精神力
0041D19F  |.  8845 EC    MOV BYTE PTR SS:[EBP-14],AL
0041D1A2  |.  6A 00       PUSH 0                         ; /Arg1 = 00000000
0041D1A4  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D1A7  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D1AA  |.  E8 010D0000 CALL 复件_Ekd.0041DEB0          ; \复件_Ekd.0041DEB0 获取ecx武将的智力
0041D1AF  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
0041D1B2  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0041D1B5  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]
0041D1B8  |.  E8 130E0000 CALL 复件_Ekd.0041DFD0 获取武将ecx的精神力状态
0041D1BD  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0041D1C0  |.  C645 FC 22 MOV BYTE PTR SS:[EBP-4],22
0041D1C4  |.  E9 94000000 JMP 复件_Ekd.0041D25D

0041D1C9  |>  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
0041D1CC  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10]
0041D1CF  |.  E8 DC0B0000 CALL 复件_Ekd.0041DDB0 获取武将ecx的防御力, 不含装备加成效果 (ecx+13防御力)
0041D1D4  |.  8845 EC    MOV BYTE PTR SS:[EBP-14],AL
0041D1D7  |.  6A 00       PUSH 0                         ; /Arg1 = 00000000
0041D1D9  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D1DC  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D1DF  |.  E8 8C0C0000 CALL 复件_Ekd.0041DE70          ; \复件_Ekd.0041DE70 获取ecx的统御力
0041D1E4  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
0041D1E7  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0041D1EA  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]
0041D1ED  |.  E8 BE0D0000 CALL 复件_Ekd.0041DFB0 获取武将ecx的防御力状态
0041D1F2  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0041D1F5  |.  C645 FC 23 MOV BYTE PTR SS:[EBP-4],23
0041D1F9  |.  EB 62       JMP SHORT 复件_Ekd.0041D25D

0041D1FB  |>  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
0041D1FE  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10]
0041D201  |.  E8 8A0D0000 CALL 复件_Ekd.0041DF90 获取武将ecx的爆发力, 不含装备加成效果 (ecx+17爆发力)
0041D206  |.  8845 EC    MOV BYTE PTR SS:[EBP-14],AL
0041D209  |.  6A 00       PUSH 0                         ; /Arg1 = 00000000
0041D20B  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D20E  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D211  |.  E8 1A0D0000 CALL 复件_Ekd.0041DF30          ; \复件_Ekd.0041DF30  获取ecx武将的敏捷
0041D216  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
0041D219  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0041D21C  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]
0041D21F  |.  E8 CC0D0000 CALL 复件_Ekd.0041DFF0 获取武将ecx的爆发力的状态
0041D224  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0041D227  |.  C645 FC 24 MOV BYTE PTR SS:[EBP-4],24
0041D22B  |.  EB 30       JMP SHORT 复件_Ekd.0041D25D

0041D22D  |>  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
0041D230  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10]
0041D233  |.  E8 780D0000 CALL 复件_Ekd.0041DFB0 获取武将ecx的士气, 不含装备加成效果 (ecx+19士气)
0041D238  |.  8845 EC    MOV BYTE PTR SS:[EBP-14],AL
0041D23B  |.  6A 00       PUSH 0                         ; /Arg1 = 00000000
0041D23D  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D240  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D243  |.  E8 A80C0000 CALL 复件_Ekd.0041DEF0          ; \复件_Ekd.0041DEF0 获取ecx武将的运气
0041D248  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
0041D24B  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
0041D24E  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]
0041D251  |.  E8 BA0D0000 CALL 复件_Ekd.0041E010 获取武将ecx的士气的状态
0041D256  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0041D259  |.  C645 FC 25 MOV BYTE PTR SS:[EBP-4],25

0041D25D  |>  68 FF000000 PUSH 0FF                      ; /Arg3 = 000000FF
0041D262  |.  8A55 F0    MOV DL,BYTE PTR SS:[EBP-10]    ; |
0041D265  |.  52          PUSH EDX                      ; |Arg2
0041D266  |.  8A45 EC    MOV AL,BYTE PTR SS:[EBP-14]    ; |
0041D269  |.  50          PUSH EAX                      ; |Arg1
0041D26A  |.  E8 46280600 CALL 复件_Ekd.0047FAB5       ; \复件_Ekd.0047FAB5  求吃果后的作用，[EBP-14]+[EBP-10]，如果大于FF则为FF
0041D26F  |.  83C4 0C    ADD ESP,0C
0041D272  |.  8845 EC    MOV BYTE PTR SS:[EBP-14],AL
0041D275  |.  6A 32       PUSH 32                         ; /Arg3 = 00000032
0041D277  |.  8A4D F0    MOV CL,BYTE PTR SS:[EBP-10]    ; |
0041D27A  |.  51          PUSH ECX                      ; |Arg2
0041D27B  |.  8A55 F4    MOV DL,BYTE PTR SS:[EBP-C]    ; |
0041D27E  |.  52          PUSH EDX                      ; |Arg1
0041D27F  |.  E8 31280600 CALL 复件_Ekd.0047FAB5    ; \复件_Ekd.0047FAB5求吃果后的作用，[EBP-C]+[EBP-10]，如果大于100则为100
0041D284  |.  83C4 0C    ADD ESP,0C
0041D287  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL

0041D28A  |.  8A45 FC    MOV AL,BYTE PTR SS:[EBP-4]
0041D28D  |.  50          PUSH EAX                      ; /Arg1
0041D28E  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18] ; |
0041D291  |.  E8 CCF4FFFF CALL 复件_Ekd.0041C762          ; \复件_Ekd.0041C762 画图
0041D296  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18] ;  复件_Ekd.00497750
0041D299  |.  33D2       XOR EDX,EDX
0041D29B  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]
0041D29E  |.  8955 E0    MOV DWORD PTR SS:[EBP-20],EDX
0041D2A1  |.  8B45 E0    MOV EAX,DWORD PTR SS:[EBP-20]
0041D2A4  |.  83E8 46    SUB EAX,46
0041D2A7  |.  8945 E0    MOV DWORD PTR SS:[EBP-20],EAX
0041D2AA  |.  837D E0 04 CMP DWORD PTR SS:[EBP-20],4
0041D2AE  |.  0F87 F9000000 JA 复件_Ekd.0041D3AD
0041D2B4  |.  8B4D E0    MOV ECX,DWORD PTR SS:[EBP-20]
0041D2B7  |.  FF248D C5D341>JMP DWORD PTR DS:[ECX*4+41D3C5]
0041D3C5 .  BED24100    DD 复件_Ekd.0041D2BE ;  分支表被用于 0041D2B7
0041D3C9 .  F0D24100    DD 复件_Ekd.0041D2F0
0041D3CD .  22D34100    DD 复件_Ekd.0041D322
0041D3D1 .  51D34100    DD 复件_Ekd.0041D351
0041D3D5 .  80D34100    DD 复件_Ekd.0041D380
0041D2BE  |>  8A55 EC    MOV DL,BYTE PTR SS:[EBP-14]
0041D2C1  |.  52          PUSH EDX                      ; /Arg1
0041D2C2  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D2C5  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D2C8  |.  E8 C30A0000 CALL 复件_Ekd.0041DD90          ; \复件_Ekd.0041DD90  设置ecx武将攻击力
0041D2CD  |.  8A4D F4    MOV CL,BYTE PTR SS:[EBP-C]
0041D2D0  |.  51          PUSH ECX                      ; /Arg1
0041D2D1  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D2D4  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10] ; |
0041D2D7  |.  E8 740B0000 CALL 复件_Ekd.0041DE50          ; \复件_Ekd.0041DE50 设置ecx武将武力
0041D2DC  |.  6A 01       PUSH 1                         ; /Arg2 = 00000001
0041D2DE  |.  6A 00       PUSH 0                         ; |Arg1 = 00000000
0041D2E0  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D2E3  |.  8B48 08    MOV ECX,DWORD PTR DS:[EAX+8]    ; |
0041D2E6  |.  E8 A3260200 CALL 复件_Ekd.0043F98E          ; \复件_Ekd.0043F98E 上升降武将ecx的攻击力状态。
0041D2EB  |.  E9 BD000000 JMP 复件_Ekd.0041D3AD

0041D2F0  |>  8A4D EC    MOV CL,BYTE PTR SS:[EBP-14]
0041D2F3  |.  51          PUSH ECX                      ; /Arg1
0041D2F4  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D2F7  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10] ; |
0041D2FA  |.  E8 110B0000 CALL 复件_Ekd.0041DE10          ; \复件_Ekd.0041DE10 设置ecx武将精神力
0041D2FF  |.  8A45 F4    MOV AL,BYTE PTR SS:[EBP-C]
0041D302  |.  50          PUSH EAX                      ; /Arg1
0041D303  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18] ; |
0041D306  |.  8B49 10    MOV ECX,DWORD PTR DS:[ECX+10] ; |
0041D309  |.  E8 C20B0000 CALL 复件_Ekd.0041DED0          ; \复件_Ekd.0041DED0  设置ecx武将智力
0041D30E  |.  6A 01       PUSH 1                         ; /Arg2 = 00000001
0041D310  |.  6A 02       PUSH 2                         ; |Arg1 = 00000002
0041D312  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D315  |.  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]    ; |
0041D318  |.  E8 71260200 CALL 复件_Ekd.0043F98E          ; \复件_Ekd.0043F98E上升降武将ecx的精神力状态
0041D31D  |.  E9 8B000000 JMP 复件_Ekd.0041D3AD

0041D322  |>  8A45 EC    MOV AL,BYTE PTR SS:[EBP-14]
0041D325  |.  50          PUSH EAX                      ; /Arg1
0041D326  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18] ; |
0041D329  |.  8B49 10    MOV ECX,DWORD PTR DS:[ECX+10] ; |
0041D32C  |.  E8 9F0A0000 CALL 复件_Ekd.0041DDD0          ; \复件_Ekd.0041DDD0  设置ecx武将防御力
0041D331  |.  8A55 F4    MOV DL,BYTE PTR SS:[EBP-C]
0041D334  |.  52          PUSH EDX                      ; /Arg1
0041D335  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D338  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D33B  |.  E8 500B0000 CALL 复件_Ekd.0041DE90          ; \复件_Ekd.0041DE90 设置ecx武将统御力
0041D340  |.  6A 01       PUSH 1                         ; /Arg2 = 00000001
0041D342  |.  6A 01       PUSH 1                         ; |Arg1 = 00000001
0041D344  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18] ; |
0041D347  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]    ; |
0041D34A  |.  E8 3F260200 CALL 复件_Ekd.0043F98E          ; \复件_Ekd.0043F98E  上升降武将ecx的统御力状态
0041D34F  |.  EB 5C       JMP SHORT 复件_Ekd.0041D3AD

0041D351  |>  8A55 EC    MOV DL,BYTE PTR SS:[EBP-14]
0041D354  |.  52          PUSH EDX                      ; /Arg1
0041D355  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D358  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D35B  |.  E8 F0E40300 CALL 复件_Ekd.0045B850          ; \复件_Ekd.0045B850  设置ecx武将爆发力
0041D360  |.  8A4D F4    MOV CL,BYTE PTR SS:[EBP-C]
0041D363  |.  51          PUSH ECX                      ; /Arg1
0041D364  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D367  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10] ; |
0041D36A  |.  E8 E10B0000 CALL 复件_Ekd.0041DF50          ; \复件_Ekd.0041DF50  设置ecx武将敏捷
0041D36F  |.  6A 01       PUSH 1                         ; /Arg2 = 00000001
0041D371  |.  6A 03       PUSH 3                         ; |Arg1 = 00000003
0041D373  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18] ; |
0041D376  |.  8B48 08    MOV ECX,DWORD PTR DS:[EAX+8]    ; |
0041D379  |.  E8 10260200 CALL 复件_Ekd.0043F98E          ; \复件_Ekd.0043F98E 上升降武将ecx的爆发力状态
0041D37E  |.  EB 2D       JMP SHORT 复件_Ekd.0041D3AD
0041D380  |>  8A4D EC    MOV CL,BYTE PTR SS:[EBP-14]
0041D383  |.  51          PUSH ECX                      ; /Arg1
0041D384  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D387  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10] ; |
0041D38A  |.  E8 E1E40300 CALL 复件_Ekd.0045B870          ; \复件_Ekd.0045B870 设置ecx武将士气
0041D38F  |.  8A45 F4    MOV AL,BYTE PTR SS:[EBP-C]
0041D392  |.  50          PUSH EAX                      ; /Arg1
0041D393  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18] ; |
0041D396  |.  8B49 10    MOV ECX,DWORD PTR DS:[ECX+10] ; |
0041D399  |.  E8 720B0000 CALL 复件_Ekd.0041DF10          ; \复件_Ekd.0041DF10 设置ecx武将运气
0041D39E  |.  6A 01       PUSH 1                         ; /Arg2 = 00000001
0041D3A0  |.  6A 04       PUSH 4                         ; |Arg1 = 00000004
0041D3A2  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18] ; |
0041D3A5  |.  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]    ; |
0041D3A8  |.  E8 E1250200 CALL 复件_Ekd.0043F98E          ; \复件_Ekd.0043F98E 上升降武将ecx的士气状态
0041D3AD  |>  8BE5       MOV ESP,EBP
0041D3AF  |.  5D          POP EBP
0041D3B0  \.  C3          RETN
恢复HP道具
Ecx: 00497750
EBP+8  等于1
两个局部变量：
EBP-4 存放道具回复的HP数
EBP-8 存放497750
0041CCDF  /$  55          PUSH EBP
0041CCE0  |.  8BEC       MOV EBP,ESP
0041CCE2  |.  83EC 08    SUB ESP,8
0041CCE5  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
0041CCE8  |.  837D 08 00 CMP DWORD PTR SS:[EBP+8],0
0041CCEC  |.  74 6C       JE SHORT 复件_Ekd.0041CD5A
0041CCEE  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0041CCF1  |.  8A08       MOV CL,BYTE PTR DS:[EAX]
0041CCF3  |.  51          PUSH ECX                               ; /Arg4
0041CCF4  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
0041CCF6  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]          ; |
0041CCF9  |.  8A42 18    MOV AL,BYTE PTR DS:[EDX+18]             ; |
0041CCFC  |.  50          PUSH EAX                               ; |Arg2
0041CCFD  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
0041CD00  |.  8A51 02    MOV DL,BYTE PTR DS:[ECX+2]             ; |
0041CD03  |.  52          PUSH EDX                               ; |Arg1
0041CD04  |.  B9 50424B00 MOV ECX,复件_Ekd.004B4250                ; |
0041CD09  |.  E8 2F860300 CALL 复件_Ekd.0045533D                   ; \复件_Ekd.0045533D
这个函数又是一个消息监听处理，等待属标点到攻击对象或者点右键取消
(call 453b13是显示攻击范围，call 4541A9是监听)
0041CD0E  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041CD11  |.  8841 03    MOV BYTE PTR DS:[ECX+3],AL
0041CD14  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0041CD17  |.  33C0       XOR EAX,EAX
0041CD19  |.  8A42 03    MOV AL,BYTE PTR DS:[EDX+3]
0041CD1C  |.  3D FF000000 CMP EAX,0FF EAX是战场编号
0041CD21  |.  75 05       JNZ SHORT 复件_Ekd.0041CD28
0041CD23  |.  E9 0F010000 JMP 复件_Ekd.0041CE37  结束
0041CD28  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041CD2B  |.  33D2       XOR EDX,EDX
0041CD2D  |.  8A51 03    MOV DL,BYTE PTR DS:[ECX+3]
0041CD30  |.  6BD2 24    IMUL EDX,EDX,24
0041CD33  |.  81C2 502C4B00 ADD EDX,复件_Ekd.004B2C50
0041CD39  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0041CD3C  |.  8950 08    MOV DWORD PTR DS:[EAX+8],EDX
0041CD3F  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041CD42  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]
0041CD45  |.  E8 26290400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号
0041CD4A  |.  6BC0 48    IMUL EAX,EAX,48
0041CD4D  |.  05 681B4A00 ADD EAX,复件_Ekd.004A1B68
0041CD52  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0041CD55  |.  8942 10    MOV DWORD PTR DS:[EDX+10],EAX
0041CD58  |.  EB 24       JMP SHORT 复件_Ekd.0041CD7E

0041CD5A  |>  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0041CD5D  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041CD60  |.  8A51 02    MOV DL,BYTE PTR DS:[ECX+2]
0041CD63  |.  8850 03    MOV BYTE PTR DS:[EAX+3],DL
0041CD66  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0041CD69  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041CD6C  |.  8B51 04    MOV EDX,DWORD PTR DS:[ECX+4]
0041CD6F  |.  8950 08    MOV DWORD PTR DS:[EAX+8],EDX
0041CD72  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0041CD75  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041CD78  |.  8B51 0C    MOV EDX,DWORD PTR DS:[ECX+C]
0041CD7B  |.  8950 10    MOV DWORD PTR DS:[EAX+10],EDX

0041CD7E  |>  6A 00       PUSH 0                                  ; /Arg3 = 00000000
0041CD80  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]          ; |
0041CD83  |.  8A48 03    MOV CL,BYTE PTR DS:[EAX+3]             ; |
0041CD86  |.  51          PUSH ECX                               ; |Arg2
0041CD87  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]          ; |
0041CD8A  |.  8A02       MOV AL,BYTE PTR DS:[EDX]                ; |
0041CD8C  |.  50          PUSH EAX                               ; |Arg1
0041CD8D  |.  E8 57F7FFFF CALL 复件_Ekd.0041C4E9                   ; \复件_Ekd.0041C4E9 判断道具是否合法，非法返回0
0041CD92  |.  83C4 0C    ADD ESP,0C
0041CD95  |.  85C0       TEST EAX,EAX
0041CD97  |.  75 05       JNZ SHORT 复件_Ekd.0041CD9E
0041CD99  |.  E9 99000000 JMP 复件_Ekd.0041CE37
0041CD9E  |>  6A 00       PUSH 0                                  ; /Arg2 = 00000000
0041CDA0  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
0041CDA3  |.  8A11       MOV DL,BYTE PTR DS:[ECX]                ; |
0041CDA5  |.  52          PUSH EDX                               ; |Arg1
0041CDA6  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]          ; |
0041CDA9  |.  8B48 08    MOV ECX,DWORD PTR DS:[EAX+8]          ; |
0041CDAC  |.  E8 7DF60100 CALL 复件_Ekd.0043C42E             ; \复件_Ekd.0043C42E  获取恢复道具的实际效果值，超过最大HP的会去掉
0041CDB1  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0041CDB4  |.  68 FF000000 PUSH 0FF                               ; /Arg1 = 000000FF
0041CDB9  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
0041CDBC  |.  E8 A1F9FFFF CALL 复件_Ekd.0041C762                   ; \复件_Ekd.0041C762  使用道具的画图函数
0041CDC1  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041CDC4  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]
0041CDC7  |.  E8 9465FEFF CALL 复件_Ekd.00403360
0041CDCC  |.  50          PUSH EAX                               ; /Arg1
0041CDCD  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
0041CDD0  |.  83C1 19    ADD ECX,19                            ; |
0041CDD3  |.  E8 C897FEFF CALL 复件_Ekd.004065A0                   ; \复件_Ekd.004065A0
0041CDD8  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0041CDDB  |.  8A42 02    MOV AL,BYTE PTR DS:[EDX+2]
0041CDDE  |.  50          PUSH EAX                               ; /Arg3
0041CDDF  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
0041CDE2  |.  8A51 1A    MOV DL,BYTE PTR DS:[ECX+1A]             ; |
0041CDE5  |.  52          PUSH EDX                               ; |Arg2
0041CDE6  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]          ; |
0041CDE9  |.  8A48 19    MOV CL,BYTE PTR DS:[EAX+19]             ; |
0041CDEC  |.  51          PUSH ECX                               ; |Arg1
0041CDED  |.  B9 50424B00 MOV ECX,复件_Ekd.004B4250                ; |
0041CDF2  |.  E8 2C830300 CALL 复件_Ekd.00455123                   ; \复件_Ekd.00455123  使用道具者的Mov图回复正常
0041CDF7  |.  6A 01       PUSH 1                                  ; /Arg8 = 00000001
0041CDF9  |.  6A 00       PUSH 0                                  ; |Arg7 = 00000000
0041CDFB  |.  6A 00       PUSH 0                                  ; |Arg6 = 00000000
0041CDFD  |.  6A 00       PUSH 0                                  ; |Arg5 = 00000000
0041CDFF  |.  6A 00       PUSH 0                                  ; |Arg4 = 00000000
0041CE01  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
0041CE04  |.  F7DA       NEG EDX                               ; | 对恢复效果值取反
0041CE06  |.  52          PUSH EDX                               ; |Arg3
0041CE07  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]          ; |
0041CE0A  |.  8A48 02    MOV CL,BYTE PTR DS:[EAX+2]             ; |
0041CE0D  |.  51          PUSH ECX                               ; |Arg2
0041CE0E  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]          ; |
0041CE11  |.  8A42 03    MOV AL,BYTE PTR DS:[EDX+3]             ; |
0041CE14  |.  50          PUSH EAX                               ; |Arg1
0041CE15  |.  E8 6A3B0300 CALL 复件_Ekd.00450984                   ; \复件_Ekd.00450984  显示+HP的图
0041CE1A  |.  83C4 20    ADD ESP,20
0041CE1D  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041CE20  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]
0041CE23  |.  E8 685E0500 CALL 复件_Ekd.00472C90 获取ecx武将当前HP值
0041CE28  |.  0345 FC    ADD EAX,DWORD PTR SS:[EBP-4]
0041CE2B  |.  50          PUSH EAX                               ; /Arg1
0041CE2C  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]          ; |
0041CE2F  |.  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]          ; |
0041CE32  |.  E8 96280200 CALL 复件_Ekd.0043F6CD  ; \复件_Ekd.0043F6CD  设置ecx武将的HP值，如果大于加上装备后的最大值，按最大值算
0041CE37  |>  8BE5       MOV ESP,EBP
0041CE39  |.  5D          POP EBP
0041CE3A  \.  C2 0400    RETN 4

使用回复MP道具
0041CE3D  /$  55          PUSH EBP
0041CE3E  |.  8BEC       MOV EBP,ESP
0041CE40  |.  83EC 08    SUB ESP,8
0041CE43  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
0041CE46  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0041CE49  |.  8A08       MOV CL,BYTE PTR DS:[EAX]
0041CE4B  |.  51          PUSH ECX                      ; /Arg4
0041CE4C  |.  6A 04       PUSH 4                         ; |Arg3 = 00000004
0041CE4E  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]    ; |
0041CE51  |.  8A42 18    MOV AL,BYTE PTR DS:[EDX+18]    ; |
0041CE54  |.  50          PUSH EAX                      ; |Arg2
0041CE55  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]    ; |
0041CE58  |.  8A51 02    MOV DL,BYTE PTR DS:[ECX+2]    ; |
0041CE5B  |.  52          PUSH EDX                      ; |Arg1
0041CE5C  |.  B9 50424B00 MOV ECX,复件_Ekd.004B4250       ; |
0041CE61  |.  E8 D7840300 CALL 复件_Ekd.0045533D          ; \复件_Ekd.0045533D
这个函数又是一个消息监听处理，等待属标点到攻击对象或者点右键取消
(call 453b13是显示攻击范围，call 4541A9是监听)
0041CE66  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041CE69  |.  8841 03    MOV BYTE PTR DS:[ECX+3],AL
0041CE6C  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0041CE6F  |.  33C0       XOR EAX,EAX
0041CE71  |.  8A42 03    MOV AL,BYTE PTR DS:[EDX+3]
0041CE74  |.  3D FF000000 CMP EAX,0FF
0041CE79  |.  75 05       JNZ SHORT 复件_Ekd.0041CE80
0041CE7B  |.  E9 DD000000 JMP 复件_Ekd.0041CF5D
0041CE80  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041CE83  |.  33D2       XOR EDX,EDX
0041CE85  |.  8A51 03    MOV DL,BYTE PTR DS:[ECX+3]
0041CE88  |.  6BD2 24    IMUL EDX,EDX,24
0041CE8B  |.  81C2 502C4B00 ADD EDX,复件_Ekd.004B2C50
0041CE91  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0041CE94  |.  8950 08    MOV DWORD PTR DS:[EAX+8],EDX
0041CE97  |.  6A 00       PUSH 0                         ; /Arg3 = 00000000
0041CE99  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]    ; |
0041CE9C  |.  8A51 03    MOV DL,BYTE PTR DS:[ECX+3]    ; |
0041CE9F  |.  52          PUSH EDX                      ; |Arg2
0041CEA0  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]    ; |
0041CEA3  |.  8A08       MOV CL,BYTE PTR DS:[EAX]       ; |
0041CEA5  |.  51          PUSH ECX                      ; |Arg1
0041CEA6  |.  E8 3EF6FFFF CALL 复件_Ekd.0041C4E9          ; \复件_Ekd.0041C4E9
0041CEAB  |.  83C4 0C    ADD ESP,0C
0041CEAE  |.  85C0       TEST EAX,EAX
0041CEB0  |.  75 05       JNZ SHORT 复件_Ekd.0041CEB7
0041CEB2  |.  E9 A6000000 JMP 复件_Ekd.0041CF5D
0041CEB7  |>  6A 00       PUSH 0                         ; /Arg2 = 00000000
0041CEB9  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]    ; |
0041CEBC  |.  8A02       MOV AL,BYTE PTR DS:[EDX]       ; |
0041CEBE  |.  50          PUSH EAX                      ; |Arg1
0041CEBF  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]    ; |
0041CEC2  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]    ; |
0041CEC5  |.  E8 64F50100 CALL 复件_Ekd.0043C42E          ; \复件_Ekd.0043C42E
0041CECA  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
0041CECD  |.  68 FF000000 PUSH 0FF                      ; /Arg1 = 000000FF
0041CED2  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]    ; |
0041CED5  |.  E8 88F8FFFF CALL 复件_Ekd.0041C762          ; \复件_Ekd.0041C762
0041CEDA  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0041CEDD  |.  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
0041CEE0  |.  E8 7B64FEFF CALL 复件_Ekd.00403360
0041CEE5  |.  50          PUSH EAX                      ; /Arg1
0041CEE6  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]    ; |
0041CEE9  |.  83C1 19    ADD ECX,19                      ; |
0041CEEC  |.  E8 AF96FEFF CALL 复件_Ekd.004065A0          ; \复件_Ekd.004065A0
0041CEF1  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0041CEF4  |.  8A48 02    MOV CL,BYTE PTR DS:[EAX+2]
0041CEF7  |.  51          PUSH ECX                      ; /Arg3
0041CEF8  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]    ; |
0041CEFB  |.  8A42 1A    MOV AL,BYTE PTR DS:[EDX+1A]    ; |
0041CEFE  |.  50          PUSH EAX                      ; |Arg2
0041CEFF  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]    ; |
0041CF02  |.  8A51 19    MOV DL,BYTE PTR DS:[ECX+19]    ; |
0041CF05  |.  52          PUSH EDX                      ; |Arg1
0041CF06  |.  B9 50424B00 MOV ECX,复件_Ekd.004B4250       ; |
0041CF0B  |.  E8 13820300 CALL 复件_Ekd.00455123          ; \复件_Ekd.00455123
0041CF10  |.  6A 01       PUSH 1                         ; /Arg8 = 00000001
0041CF12  |.  6A 00       PUSH 0                         ; |Arg7 = 00000000
0041CF14  |.  6A 00       PUSH 0                         ; |Arg6 = 00000000
0041CF16  |.  6A 00       PUSH 0                         ; |Arg5 = 00000000
0041CF18  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]    ; |
0041CF1B  |.  25 FF000000 AND EAX,0FF                   ; |
0041CF20  |.  F7D8       NEG EAX                         ; |
0041CF22  |.  50          PUSH EAX                      ; |Arg4
0041CF23  |.  6A 00       PUSH 0                         ; |Arg3 = 00000000
0041CF25  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]    ; |
0041CF28  |.  8A51 02    MOV DL,BYTE PTR DS:[ECX+2]    ; |
0041CF2B  |.  52          PUSH EDX                      ; |Arg2
0041CF2C  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]    ; |
0041CF2F  |.  8A48 03    MOV CL,BYTE PTR DS:[EAX+3]    ; |
0041CF32  |.  51          PUSH ECX                      ; |Arg1
0041CF33  |.  E8 4C3A0300 CALL 复件_Ekd.00450984          ; \复件_Ekd.00450984
0041CF38  |.  83C4 20    ADD ESP,20
0041CF3B  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0041CF3E  |.  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
0041CF41  |.  E8 FA580500 CALL 复件_Ekd.00472840
0041CF46  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041CF49  |.  81E1 FF000000 AND ECX,0FF
0041CF4F  |.  03C1       ADD EAX,ECX
0041CF51  |.  50          PUSH EAX                      ; /Arg1
0041CF52  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]    ; |
0041CF55  |.  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]    ; |
0041CF58  |.  E8 B1270200 CALL 复件_Ekd.0043F70E          ; \复件_Ekd.0043F70E
0041CF5D  |>  8BE5       MOV ESP,EBP
0041CF5F  |.  5D          POP EBP
0041CF60  \.  C3          RETN

使用印授函数
0041D4DB  /$  55          PUSH EBP
0041D4DC  |.  8BEC       MOV EBP,ESP
0041D4DE  |.  6A FF       PUSH -1
0041D4E0  |.  68 52524800 PUSH 复件_Ekd.00485252          ;  SE 处理程序安装
0041D4E5  |.  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
0041D4EB  |.  50          PUSH EAX
0041D4EC  |.  64:8925 00000>MOV DWORD PTR FS:[0],ESP
0041D4F3  |.  81EC 2C010000 SUB ESP,12C
0041D4F9  |.  53          PUSH EBX
0041D4FA  |.  898D C8FEFFFF MOV DWORD PTR SS:[EBP-138],ECX
0041D500  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0041D506  |.  E8 A55DFEFF CALL 复件_Ekd.004032B0
0041D50B  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
0041D512  |.  8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138]
0041D518  |.  8A08       MOV CL,BYTE PTR DS:[EAX]
0041D51A  |.  51          PUSH ECX                      ; /Arg4
0041D51B  |.  6A 04       PUSH 4                         ; |Arg3 = 00000004
0041D51D  |.  8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138] ; |
0041D523  |.  8A42 18    MOV AL,BYTE PTR DS:[EDX+18]    ; |
0041D526  |.  50          PUSH EAX                      ; |Arg2
0041D527  |.  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138] ; |
0041D52D  |.  8A51 02    MOV DL,BYTE PTR DS:[ECX+2]    ; |
0041D530  |.  52          PUSH EDX                      ; |Arg1
0041D531  |.  B9 50424B00 MOV ECX,复件_Ekd.004B4250       ; |
0041D536  |.  E8 027E0300 CALL 复件_Ekd.0045533D          ; \复件_Ekd.0045533D
这个函数又是一个消息监听处理，等待属标点到攻击对象或者点右键取消
(call 453b13是显示攻击范围，call 4541A9是监听)
0041D53B  |.  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D541  |.  8841 03    MOV BYTE PTR DS:[ECX+3],AL
0041D544  |.  8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041D54A  |.  33C0       XOR EAX,EAX
0041D54C  |.  8A42 03    MOV AL,BYTE PTR DS:[EDX+3]
0041D54F  |.  3D FF000000 CMP EAX,0FF
0041D554  |.  75 17       JNZ SHORT 复件_Ekd.0041D56D
0041D556  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0041D55D  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0041D563  |.  E8 685DFEFF CALL 复件_Ekd.004032D0
0041D568  |.  E9 40060000 JMP 复件_Ekd.0041DBAD
0041D56D  |>  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D573  |.  33D2       XOR EDX,EDX
0041D575  |.  8A51 03    MOV DL,BYTE PTR DS:[ECX+3]
0041D578  |.  6BD2 24    IMUL EDX,EDX,24
0041D57B  |.  81C2 502C4B00 ADD EDX,复件_Ekd.004B2C50
0041D581  |.  8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138]
0041D587  |.  8950 08    MOV DWORD PTR DS:[EAX+8],EDX
0041D58A  |.  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D590  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]
0041D593  |.  E8 D8200400 CALL 复件_Ekd.0045F670  获取武将ecx的data编号
0041D598  |.  6BC0 48    IMUL EAX,EAX,48
0041D59B  |.  05 681B4A00 ADD EAX,复件_Ekd.004A1B68
0041D5A0  |.  8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041D5A6  |.  8942 10    MOV DWORD PTR DS:[EDX+10],EAX
0041D5A9  |.  6A 00       PUSH 0                         ; /Arg3 = 00000000
0041D5AB  |.  8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138] ; |
0041D5B1  |.  8A48 03    MOV CL,BYTE PTR DS:[EAX+3]    ; |
0041D5B4  |.  51          PUSH ECX                      ; |Arg2
0041D5B5  |.  8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138] ; |
0041D5BB  |.  8A02       MOV AL,BYTE PTR DS:[EDX]       ; |
0041D5BD  |.  50          PUSH EAX                      ; |Arg1
0041D5BE  |.  E8 26EFFFFF CALL 复件_Ekd.0041C4E9          ; \复件_Ekd.0041C4E9
0041D5C3  |.  83C4 0C    ADD ESP,0C
0041D5C6  |.  85C0       TEST EAX,EAX
0041D5C8  |.  75 17       JNZ SHORT 复件_Ekd.0041D5E1
0041D5CA  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0041D5D1  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0041D5D7  |.  E8 F45CFEFF CALL 复件_Ekd.004032D0
0041D5DC  |.  E9 CC050000 JMP 复件_Ekd.0041DBAD
0041D5E1  |>  68 FF000000 PUSH 0FF                      ; /Arg1 = 000000FF
0041D5E6  |.  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138] ; |
0041D5EC  |.  E8 71F1FFFF CALL 复件_Ekd.0041C762          ; \复件_Ekd.0041C762  使用道具的画图函数
0041D5F1  |.  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D5F7  |.  8B49 10    MOV ECX,DWORD PTR DS:[ECX+10]
0041D5FA  |.  E8 1190FEFF CALL 复件_Ekd.00406610 获取武将ecx的兵种
0041D5FF  |.  8885 E8FEFFFF MOV BYTE PTR SS:[EBP-118],AL
0041D605  |.  6A 05       PUSH 5                         ; /Arg1 = 00000005
0041D607  |.  8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118] ; |
0041D60D  |.  81E1 FF000000 AND ECX,0FF                   ; |
0041D613  |.  6BC9 1B    IMUL ECX,ECX,1B                ; |
0041D616  |.  81C1 A0BF4A00 ADD ECX,复件_Ekd.004ABFA0       ; |
0041D61C  |.  E8 7FBFFEFF CALL 复件_Ekd.004095A0          ; \复件_Ekd.004095A0
0041D621  |.  25 FF000000 AND EAX,0FF
0041D626  |.  D1E0       SHL EAX,1
0041D628  |.  8885 ECFEFFFF MOV BYTE PTR SS:[EBP-114],AL
0041D62E  |.  6A 06       PUSH 6                         ; /Arg1 = 00000006
0041D630  |.  8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-118] ; |
0041D636  |.  81E1 FF000000 AND ECX,0FF                   ; |
0041D63C  |.  6BC9 1B    IMUL ECX,ECX,1B                ; |
0041D63F  |.  81C1 A0BF4A00 ADD ECX,复件_Ekd.004ABFA0       ; |
0041D645  |.  E8 56BFFEFF CALL 复件_Ekd.004095A0          ; \复件_Ekd.004095A0
0041D64A  |.  25 FF000000 AND EAX,0FF
0041D64F  |.  D1E0       SHL EAX,1
0041D651  |.  8885 E4FEFFFF MOV BYTE PTR SS:[EBP-11C],AL
0041D657  |.  8B95 ECFEFFFF MOV EDX,DWORD PTR SS:[EBP-114]
0041D65D  |.  81E2 FF000000 AND EDX,0FF
0041D663  |.  52          PUSH EDX                      ; /Arg2
0041D664  |.  6A 05       PUSH 5                         ; |Arg1 = 00000005
0041D666  |.  8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138] ; |
0041D66C  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D66F  |.  E8 A397FEFF CALL 复件_Ekd.00406E17          ; \复件_Ekd.00406E17
0041D674  |.  8B8D E4FEFFFF MOV ECX,DWORD PTR SS:[EBP-11C]
0041D67A  |.  81E1 FF000000 AND ECX,0FF
0041D680  |.  51          PUSH ECX                      ; /Arg2
0041D681  |.  6A 06       PUSH 6                         ; |Arg1 = 00000006
0041D683  |.  8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138] ; |
0041D689  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10] ; |
0041D68C  |.  E8 8697FEFF CALL 复件_Ekd.00406E17          ; \复件_Ekd.00406E17
0041D691  |.  8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138]
0041D697  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10]
0041D69A  |.  E8 7C9BFEFF CALL 复件_Ekd.0040721B
0041D69F  |.  50          PUSH EAX                      ; /Arg1
0041D6A0  |.  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138] ; |
0041D6A6  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]    ; |
0041D6A9  |.  E8 1F200200 CALL 复件_Ekd.0043F6CD          ; \复件_Ekd.0043F6CD
0041D6AE  |.  8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041D6B4  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10]
0041D6B7  |.  E8 8E9BFEFF CALL 复件_Ekd.0040724A
0041D6BC  |.  50          PUSH EAX                      ; /Arg1
0041D6BD  |.  8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138] ; |
0041D6C3  |.  8B48 08    MOV ECX,DWORD PTR DS:[EAX+8]    ; |
0041D6C6  |.  E8 43200200 CALL 复件_Ekd.0043F70E          ; \复件_Ekd.0043F70E
0041D6CB  |.  6A 00       PUSH 0
0041D6CD  |.  6A 00       PUSH 0
0041D6CF  |.  6A 0B       PUSH 0B
0041D6D1  |.  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D6D7  |.  8B49 10    MOV ECX,DWORD PTR DS:[ECX+10]
0041D6DA  |.  E8 21BEFEFF CALL 复件_Ekd.00409500
0041D6DF  |.  50          PUSH EAX                      ; |Arg1
0041D6E0  |.  B9 F05D4B00 MOV ECX,复件_Ekd.004B5DF0       ; |
0041D6E5  |.  E8 A5A00300 CALL 复件_Ekd.0045778F          ; \复件_Ekd.0045778F
0041D6EA  |.  68 D0BB4800 PUSH 复件_Ekd.0048BBD0          ; /Arg1 = 0048BBD0 ASCII "UNIT_SPC.E5"
0041D6EF  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110] ; |
0041D6F5  |.  E8 3B240000 CALL 复件_Ekd.0041FB35          ; \复件_Ekd.0041FB35
0041D6FA  |.  6A 04       PUSH 4                         ; /Arg3 = 00000004
0041D6FC  |.  6A 00       PUSH 0                         ; |Arg2 = 00000000
0041D6FE  |.  68 00690000 PUSH 6900                      ; |Arg1 = 00006900
0041D703  |.  B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8       ; |
0041D708  |.  E8 33230600 CALL 复件_Ekd.0047FA40          ; \复件_Ekd.0047FA40
0041D70D  |.  50          PUSH EAX                      ; /Arg2
0041D70E  |.  8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138] ; |
0041D714  |.  33C0       XOR EAX,EAX                   ; |
0041D716  |.  8A42 03    MOV AL,BYTE PTR DS:[EDX+3]    ; |
0041D719  |.  50          PUSH EAX                      ; |/Arg1
0041D71A  |.  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138] ; ||
0041D720  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]    ; ||
0041D723  |.  E8 20250200 CALL 复件_Ekd.0043FC48          ; |\复件_Ekd.0043FC48
0041D728  |.  25 FF000000 AND EAX,0FF                   ; |
0041D72D  |.  50          PUSH EAX                      ; |Arg1
0041D72E  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110] ; |
0041D734  |.  E8 50250000 CALL 复件_Ekd.0041FC89          ; \复件_Ekd.0041FC89
0041D739  |.  68 00090000 PUSH 900                      ; /Arg3 = 00000900
0041D73E  |.  6A 04       PUSH 4                         ; |/Arg3 = 00000004
0041D740  |.  6A 00       PUSH 0                         ; ||Arg2 = 00000000
0041D742  |.  6A 00       PUSH 0                         ; ||Arg1 = 00000000
0041D744  |.  B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8       ; ||
0041D749  |.  E8 F2220600 CALL 复件_Ekd.0047FA40          ; |\复件_Ekd.0047FA40
0041D74E  |.  50          PUSH EAX                      ; |Arg2
0041D74F  |.  6A 04       PUSH 4                         ; |/Arg3 = 00000004
0041D751  |.  6A 00       PUSH 0                         ; ||Arg2 = 00000000
0041D753  |.  68 008D0000 PUSH 8D00                      ; ||Arg1 = 00008D00
0041D758  |.  B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8       ; ||
0041D75D  |.  E8 DE220600 CALL 复件_Ekd.0047FA40          ; |\复件_Ekd.0047FA40
0041D762  |.  50          PUSH EAX                      ; |Arg1
0041D763  |.  E8 95250600 CALL 复件_Ekd.0047FCFD          ; \复件_Ekd.0047FCFD
0041D768  |.  83C4 0C    ADD ESP,0C
0041D76B  |.  8B95 E8FEFFFF MOV EDX,DWORD PTR SS:[EBP-118]
0041D771  |.  81E2 FF000000 AND EDX,0FF
0041D777  |.  83C2 01    ADD EDX,1
0041D77A  |.  52          PUSH EDX                      ; /Arg1
0041D77B  |.  8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138] ; |
0041D781  |.  8B48 10    MOV ECX,DWORD PTR DS:[EAX+10] ; |
0041D784  |.  E8 6708FFFF CALL 复件_Ekd.0040DFF0          ; \复件_Ekd.0040DFF0
0041D789  |.  6A 04       PUSH 4                         ; /Arg3 = 00000004
0041D78B  |.  6A 00       PUSH 0                         ; |Arg2 = 00000000
0041D78D  |.  68 00690000 PUSH 6900                      ; |Arg1 = 00006900
0041D792  |.  B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8       ; |
0041D797  |.  E8 A4220600 CALL 复件_Ekd.0047FA40          ; \复件_Ekd.0047FA40
0041D79C  |.  50          PUSH EAX                      ; /Arg2
0041D79D  |.  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138] ; |
0041D7A3  |.  33D2       XOR EDX,EDX                   ; |
0041D7A5  |.  8A51 03    MOV DL,BYTE PTR DS:[ECX+3]    ; |
0041D7A8  |.  52          PUSH EDX                      ; |/Arg1
0041D7A9  |.  8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138] ; ||
0041D7AF  |.  8B48 08    MOV ECX,DWORD PTR DS:[EAX+8]    ; ||
0041D7B2  |.  E8 91240200 CALL 复件_Ekd.0043FC48          ; |\复件_Ekd.0043FC48
0041D7B7  |.  25 FF000000 AND EAX,0FF                   ; |
0041D7BC  |.  50          PUSH EAX                      ; |Arg1
0041D7BD  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110] ; |
0041D7C3  |.  E8 C1240000 CALL 复件_Ekd.0041FC89          ; \复件_Ekd.0041FC89
0041D7C8  |.  68 00090000 PUSH 900                      ; /Arg3 = 00000900
0041D7CD  |.  6A 04       PUSH 4                         ; |/Arg3 = 00000004
0041D7CF  |.  6A 00       PUSH 0                         ; ||Arg2 = 00000000
0041D7D1  |.  68 00090000 PUSH 900                      ; ||Arg1 = 00000900
0041D7D6  |.  B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8       ; ||
0041D7DB  |.  E8 60220600 CALL 复件_Ekd.0047FA40          ; |\复件_Ekd.0047FA40
0041D7E0  |.  50          PUSH EAX                      ; |Arg2
0041D7E1  |.  6A 04       PUSH 4                         ; |/Arg3 = 00000004
0041D7E3  |.  6A 00       PUSH 0                         ; ||Arg2 = 00000000
0041D7E5  |.  68 008D0000 PUSH 8D00                      ; ||Arg1 = 00008D00
0041D7EA  |.  B9 C8E44A00 MOV ECX,复件_Ekd.004AE4C8       ; ||
0041D7EF  |.  E8 4C220600 CALL 复件_Ekd.0047FA40          ; |\复件_Ekd.0047FA40
0041D7F4  |.  50          PUSH EAX                      ; |Arg1
0041D7F5  |.  E8 03250600 CALL 复件_Ekd.0047FCFD          ; \复件_Ekd.0047FCFD
0041D7FA  |.  83C4 0C    ADD ESP,0C
0041D7FD  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0041D803  |.  E8 BDBAFFFF CALL 复件_Ekd.004192C5
0041D808  |.  8B8D C8FEFFFF MOV ECX,DWORD PTR SS:[EBP-138]
0041D80E  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]
0041D811  |.  E8 4A5BFEFF CALL 复件_Ekd.00403360
0041D816  |.  66:8B10    MOV DX,WORD PTR DS:[EAX]
0041D819  |.  52          PUSH EDX                      ; /Arg1
0041D81A  |.  E8 5F220300 CALL 复件_Ekd.0044FA7E          ; \复件_Ekd.0044FA7E
0041D81F  |.  83C4 04    ADD ESP,4
0041D822  |.  8985 CCFEFFFF MOV DWORD PTR SS:[EBP-134],EAX
0041D828  |.  8995 D0FEFFFF MOV DWORD PTR SS:[EBP-130],EDX
0041D82E  |.  8B85 CCFEFFFF MOV EAX,DWORD PTR SS:[EBP-134]
0041D834  |.  8985 D8FEFFFF MOV DWORD PTR SS:[EBP-128],EAX
0041D83A  |.  8B8D D0FEFFFF MOV ECX,DWORD PTR SS:[EBP-130]
0041D840  |.  898D DCFEFFFF MOV DWORD PTR SS:[EBP-124],ECX
0041D846  |.  8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041D84C  |.  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
0041D84F  |.  E8 0C5BFEFF CALL 复件_Ekd.00403360
0041D854  |.  66:8B00    MOV AX,WORD PTR DS:[EAX]
0041D857  |.  50          PUSH EAX                      ; /Arg2
0041D858  |.  8D8D D4FEFFFF LEA ECX,DWORD PTR SS:[EBP-12C] ; |
0041D85E  |.  51          PUSH ECX                      ; |Arg1
0041D85F  |.  E8 BB210300 CALL 复件_Ekd.0044FA1F          ; \复件_Ekd.0044FA1F
0041D864  |.  83C4 08    ADD ESP,8
0041D867  |.  6A 01       PUSH 1                         ; /Arg2 = 00000001
0041D869  |.  6A 21       PUSH 21                         ; |Arg1 = 00000021
0041D86B  |.  B9 B0694B00 MOV ECX,复件_Ekd.004B69B0       ; |
0041D870  |.  E8 056E0500 CALL 复件_Ekd.0047467A          ; \复件_Ekd.0047467A
0041D875  |.  C785 E0FEFFFF>MOV DWORD PTR SS:[EBP-120],0
0041D87F  |.  EB 0F       JMP SHORT 复件_Ekd.0041D890
0041D881  |>  8B95 E0FEFFFF /MOV EDX,DWORD PTR SS:[EBP-120]
0041D887  |.  83C2 01    |ADD EDX,1
0041D88A  |.  8995 E0FEFFFF |MOV DWORD PTR SS:[EBP-120],EDX
0041D890  |>  83BD E0FEFFFF> CMP DWORD PTR SS:[EBP-120],10
0041D897  |.  0F83 9F000000 |JNB 复件_Ekd.0041D93C
0041D89D  |.  E8 390D0000 |CALL 复件_Ekd.0041E5DB
0041D8A2  |.  8B85 D5FEFFFF |MOV EAX,DWORD PTR SS:[EBP-12B]
0041D8A8  |.  25 FF000000 |AND EAX,0FF
0041D8AD  |.  50          |PUSH EAX                      ; /Arg2
0041D8AE  |.  8B8D D4FEFFFF |MOV ECX,DWORD PTR SS:[EBP-12C]  ; |
0041D8B4  |.  81E1 FF000000 |AND ECX,0FF                   ; |
0041D8BA  |.  51          |PUSH ECX                      ; |Arg1
0041D8BB  |.  E8 395EFEFF |CALL 复件_Ekd.004036F9          ; \复件_Ekd.004036F9
0041D8C0  |.  83C4 08    |ADD ESP,8
0041D8C3  |.  8B95 E0FEFFFF |MOV EDX,DWORD PTR SS:[EBP-120]
0041D8C9  |.  D1EA       |SHR EDX,1
0041D8CB  |.  83C2 01    |ADD EDX,1
0041D8CE  |.  52          |PUSH EDX                      ; /Arg4
0041D8CF  |.  6A 30       |PUSH 30                      ; |Arg3 = 00000030
0041D8D1  |.  6A 30       |PUSH 30                      ; |Arg2 = 00000030
0041D8D3  |.  6A 04       |PUSH 4                         ; |/Arg3 = 00000004
0041D8D5  |.  6A 00       |PUSH 0                         ; ||Arg2 = 00000000
0041D8D7  |.  6A 00       |PUSH 0                         ; ||Arg1 = 00000000
0041D8D9  |.  B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8       ; ||
0041D8DE  |.  E8 5D210600 |CALL 复件_Ekd.0047FA40          ; |\复件_Ekd.0047FA40
0041D8E3  |.  50          |PUSH EAX                      ; |Arg1
0041D8E4  |.  E8 D72A0100 |CALL 复件_Ekd.004303C0          ; \复件_Ekd.004303C0
0041D8E9  |.  83C4 10    |ADD ESP,10
0041D8EC  |.  6A 04       |PUSH 4                         ; /Arg3 = 00000004
0041D8EE  |.  6A 00       |PUSH 0                         ; |Arg2 = 00000000
0041D8F0  |.  6A 00       |PUSH 0                         ; |Arg1 = 00000000
0041D8F2  |.  B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8       ; |
0041D8F7  |.  E8 44210600 |CALL 复件_Ekd.0047FA40          ; \复件_Ekd.0047FA40
0041D8FC  |.  50          |PUSH EAX                      ; /Arg6
0041D8FD  |.  8B85 C8FEFFFF |MOV EAX,DWORD PTR SS:[EBP-138]  ; |
0041D903  |.  8A48 03    |MOV CL,BYTE PTR DS:[EAX+3]    ; |
0041D906  |.  51          |PUSH ECX                      ; |Arg5
0041D907  |.  6A 30       |PUSH 30                      ; |Arg4 = 00000030
0041D909  |.  6A 30       |PUSH 30                      ; |Arg3 = 00000030
0041D90B  |.  8B95 DCFEFFFF |MOV EDX,DWORD PTR SS:[EBP-124]  ; |
0041D911  |.  52          |PUSH EDX                      ; |Arg2
0041D912  |.  8B85 D8FEFFFF |MOV EAX,DWORD PTR SS:[EBP-128]  ; |
0041D918  |.  50          |PUSH EAX                      ; |Arg1
0041D919  |.  E8 5E3A0300 |CALL 复件_Ekd.0045137C          ; \复件_Ekd.0045137C
0041D91E  |.  83C4 18    |ADD ESP,18
0041D921  |.  E8 D00C0000 |CALL 复件_Ekd.0041E5F6
0041D926  |.  6A 01       |PUSH 1                         ; /Arg1 = 00000001
0041D928  |.  B9 181B4B00 |MOV ECX,复件_Ekd.004B1B18       ; |
0041D92D  |.  E8 0E5AFEFF |CALL 复件_Ekd.00403340          ; \复件_Ekd.00403340
0041D932  |.  E8 A9EB0000 |CALL 复件_Ekd.0042C4E0
0041D937  |.^ E9 45FFFFFF \JMP 复件_Ekd.0041D881
0041D93C  |>  6A 01       PUSH 1                         ; /Arg2 = 00000001
0041D93E  |.  6A 0C       PUSH 0C                         ; |Arg1 = 0000000C
0041D940  |.  B9 B0694B00 MOV ECX,复件_Ekd.004B69B0       ; |
0041D945  |.  E8 306D0500 CALL 复件_Ekd.0047467A          ; \复件_Ekd.0047467A
0041D94A  |.  C785 E0FEFFFF>MOV DWORD PTR SS:[EBP-120],0
0041D954  |.  EB 0F       JMP SHORT 复件_Ekd.0041D965
0041D956  |>  8B8D E0FEFFFF /MOV ECX,DWORD PTR SS:[EBP-120]
0041D95C  |.  83C1 01    |ADD ECX,1
0041D95F  |.  898D E0FEFFFF |MOV DWORD PTR SS:[EBP-120],ECX
0041D965  |>  83BD E0FEFFFF> CMP DWORD PTR SS:[EBP-120],10
0041D96C  |.  0F83 D3000000 |JNB 复件_Ekd.0041DA45
0041D972  |.  68 00090000 |PUSH 900                      ; /Arg3 = 00000900
0041D977  |.  6A 04       |PUSH 4                         ; |/Arg3 = 00000004
0041D979  |.  6A 00       |PUSH 0                         ; ||Arg2 = 00000000
0041D97B  |.  6A 00       |PUSH 0                         ; ||Arg1 = 00000000
0041D97D  |.  B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8       ; ||
0041D982  |.  E8 B9200600 |CALL 复件_Ekd.0047FA40          ; |\复件_Ekd.0047FA40
0041D987  |.  50          |PUSH EAX                      ; |Arg2
0041D988  |.  6A 04       |PUSH 4                         ; |/Arg3 = 00000004
0041D98A  |.  6A 00       |PUSH 0                         ; ||Arg2 = 00000000
0041D98C  |.  68 00090000 |PUSH 900                      ; ||Arg1 = 00000900
0041D991  |.  B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8       ; ||
0041D996  |.  E8 A5200600 |CALL 复件_Ekd.0047FA40          ; |\复件_Ekd.0047FA40
0041D99B  |.  50          |PUSH EAX                      ; |Arg1
0041D99C  |.  E8 5C230600 |CALL 复件_Ekd.0047FCFD          ; \复件_Ekd.0047FCFD
0041D9A1  |.  83C4 0C    |ADD ESP,0C
0041D9A4  |.  E8 320C0000 |CALL 复件_Ekd.0041E5DB
0041D9A9  |.  8B95 D5FEFFFF |MOV EDX,DWORD PTR SS:[EBP-12B]
0041D9AF  |.  81E2 FF000000 |AND EDX,0FF
0041D9B5  |.  52          |PUSH EDX                      ; /Arg2
0041D9B6  |.  8B85 D4FEFFFF |MOV EAX,DWORD PTR SS:[EBP-12C]  ; |
0041D9BC  |.  25 FF000000 |AND EAX,0FF                   ; |
0041D9C1  |.  50          |PUSH EAX                      ; |Arg1
0041D9C2  |.  E8 325DFEFF |CALL 复件_Ekd.004036F9          ; \复件_Ekd.004036F9
0041D9C7  |.  83C4 08    |ADD ESP,8
0041D9CA  |.  B9 10000000 |MOV ECX,10
0041D9CF  |.  2B8D E0FEFFFF |SUB ECX,DWORD PTR SS:[EBP-120]
0041D9D5  |.  D1E9       |SHR ECX,1
0041D9D7  |.  51          |PUSH ECX                      ; /Arg4
0041D9D8  |.  6A 30       |PUSH 30                      ; |Arg3 = 00000030
0041D9DA  |.  6A 30       |PUSH 30                      ; |Arg2 = 00000030
0041D9DC  |.  6A 04       |PUSH 4                         ; |/Arg3 = 00000004
0041D9DE  |.  6A 00       |PUSH 0                         ; ||Arg2 = 00000000
0041D9E0  |.  6A 00       |PUSH 0                         ; ||Arg1 = 00000000
0041D9E2  |.  B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8       ; ||
0041D9E7  |.  E8 54200600 |CALL 复件_Ekd.0047FA40          ; |\复件_Ekd.0047FA40
0041D9EC  |.  50          |PUSH EAX                      ; |Arg1
0041D9ED  |.  E8 CE290100 |CALL 复件_Ekd.004303C0          ; \复件_Ekd.004303C0
0041D9F2  |.  83C4 10    |ADD ESP,10
0041D9F5  |.  6A 04       |PUSH 4                         ; /Arg3 = 00000004
0041D9F7  |.  6A 00       |PUSH 0                         ; |Arg2 = 00000000
0041D9F9  |.  6A 00       |PUSH 0                         ; |Arg1 = 00000000
0041D9FB  |.  B9 C8E44A00 |MOV ECX,复件_Ekd.004AE4C8       ; |
0041DA00  |.  E8 3B200600 |CALL 复件_Ekd.0047FA40          ; \复件_Ekd.0047FA40
0041DA05  |.  50          |PUSH EAX                      ; /Arg6
0041DA06  |.  8B95 C8FEFFFF |MOV EDX,DWORD PTR SS:[EBP-138]  ; |
0041DA0C  |.  8A42 03    |MOV AL,BYTE PTR DS:[EDX+3]    ; |
0041DA0F  |.  50          |PUSH EAX                      ; |Arg5
0041DA10  |.  6A 30       |PUSH 30                      ; |Arg4 = 00000030
0041DA12  |.  6A 30       |PUSH 30                      ; |Arg3 = 00000030
0041DA14  |.  8B8D DCFEFFFF |MOV ECX,DWORD PTR SS:[EBP-124]  ; |
0041DA1A  |.  51          |PUSH ECX                      ; |Arg2
0041DA1B  |.  8B95 D8FEFFFF |MOV EDX,DWORD PTR SS:[EBP-128]  ; |
0041DA21  |.  52          |PUSH EDX                      ; |Arg1
0041DA22  |.  E8 55390300 |CALL 复件_Ekd.0045137C          ; \复件_Ekd.0045137C
0041DA27  |.  83C4 18    |ADD ESP,18
0041DA2A  |.  E8 C70B0000 |CALL 复件_Ekd.0041E5F6
0041DA2F  |.  6A 01       |PUSH 1                         ; /Arg1 = 00000001
0041DA31  |.  B9 181B4B00 |MOV ECX,复件_Ekd.004B1B18       ; |
0041DA36  |.  E8 0559FEFF |CALL 复件_Ekd.00403340          ; \复件_Ekd.00403340
0041DA3B  |.  E8 A0EA0000 |CALL 复件_Ekd.0042C4E0
0041DA40  |.^ E9 11FFFFFF \JMP 复件_Ekd.0041D956
0041DA45  |>  8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138]
0041DA4B  |.  8B48 08    MOV ECX,DWORD PTR DS:[EAX+8]
0041DA4E  |.  E8 1D050000 CALL 复件_Ekd.0041DF70
0041DA53  |.  25 FF000000 AND EAX,0FF
0041DA58  |.  8B0C85 A8BE48>MOV ECX,DWORD PTR DS:[EAX*4+48BE>
0041DA5F  |.  51          PUSH ECX
0041DA60  |.  8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041DA66  |.  8B4A 10    MOV ECX,DWORD PTR DS:[EDX+10]
0041DA69  |.  E8 E99CFEFF CALL 复件_Ekd.00407757
0041DA6E  |.  50          PUSH EAX                      ; |Arg3
0041DA6F  |.  68 98B64800 PUSH 复件_Ekd.0048B698          ; |Arg2 = 0048B698
0041DA74  |.  6A 02       PUSH 2                         ; |Arg1 = 00000002
0041DA76  |.  E8 1E1C0100 CALL 复件_Ekd.0042F699          ; \复件_Ekd.0042F699
0041DA7B  |.  83C4 10    ADD ESP,10
0041DA7E  |.  C785 E0FEFFFF>MOV DWORD PTR SS:[EBP-120],0
0041DA88  |.  EB 0F       JMP SHORT 复件_Ekd.0041DA99
0041DA8A  |>  8B85 E0FEFFFF /MOV EAX,DWORD PTR SS:[EBP-120]
0041DA90  |.  83C0 01    |ADD EAX,1
0041DA93  |.  8985 E0FEFFFF |MOV DWORD PTR SS:[EBP-120],EAX
0041DA99  |>  83BD E0FEFFFF> CMP DWORD PTR SS:[EBP-120],44
0041DAA0  |.  0F83 D9000000 |JNB 复件_Ekd.0041DB7F
0041DAA6  |.  8B8D C8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-138]
0041DAAC  |.  8B49 08    |MOV ECX,DWORD PTR DS:[ECX+8]
0041DAAF  |.  E8 BC040000 |CALL 复件_Ekd.0041DF70
0041DAB4  |.  25 FF000000 |AND EAX,0FF
0041DAB9  |.  83E8 01    |SUB EAX,1
0041DABC  |.  50          |PUSH EAX                      ; /Arg1
0041DABD  |.  8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120]  ; |
0041DAC3  |.  6BC9 46    |IMUL ECX,ECX,46                ; |
0041DAC6  |.  81C1 C0F44A00 |ADD ECX,复件_Ekd.004AF4C0       ; |
0041DACC  |.  E8 AFBAFEFF |CALL 复件_Ekd.00409580          ; \复件_Ekd.00409580
0041DAD1  |.  25 FF000000 |AND EAX,0FF
0041DAD6  |.  85C0       |TEST EAX,EAX
0041DAD8  |.  0F85 9C000000 |JNZ 复件_Ekd.0041DB7A
0041DADE  |.  8B95 C8FEFFFF |MOV EDX,DWORD PTR SS:[EBP-138]
0041DAE4  |.  8B4A 08    |MOV ECX,DWORD PTR DS:[EDX+8]
0041DAE7  |.  E8 84040000 |CALL 复件_Ekd.0041DF70
0041DAEC  |.  25 FF000000 |AND EAX,0FF
0041DAF1  |.  50          |PUSH EAX                      ; /Arg1
0041DAF2  |.  8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120]  ; |
0041DAF8  |.  6BC9 46    |IMUL ECX,ECX,46                ; |
0041DAFB  |.  81C1 C0F44A00 |ADD ECX,复件_Ekd.004AF4C0       ; |
0041DB01  |.  E8 7ABAFEFF |CALL 复件_Ekd.00409580          ; \复件_Ekd.00409580
0041DB06  |.  25 FF000000 |AND EAX,0FF
0041DB0B  |.  85C0       |TEST EAX,EAX
0041DB0D  |.  74 6B       |JE SHORT 复件_Ekd.0041DB7A
0041DB0F  |.  8B85 C8FEFFFF |MOV EAX,DWORD PTR SS:[EBP-138]
0041DB15  |.  8B48 08    |MOV ECX,DWORD PTR DS:[EAX+8]
0041DB18  |.  E8 53040000 |CALL 复件_Ekd.0041DF70
0041DB1D  |.  25 FF000000 |AND EAX,0FF
0041DB22  |.  50          |PUSH EAX                      ; /Arg1
0041DB23  |.  8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120]  ; |
0041DB29  |.  6BC9 46    |IMUL ECX,ECX,46                ; |
0041DB2C  |.  81C1 C0F44A00 |ADD ECX,复件_Ekd.004AF4C0       ; |
0041DB32  |.  E8 49BAFEFF |CALL 复件_Ekd.00409580          ; \复件_Ekd.00409580
0041DB37  |.  8AD8       |MOV BL,AL
0041DB39  |.  81E3 FF000000 |AND EBX,0FF
0041DB3F  |.  8B8D C8FEFFFF |MOV ECX,DWORD PTR SS:[EBP-138]
0041DB45  |.  8B49 10    |MOV ECX,DWORD PTR DS:[ECX+10]
0041DB48  |.  E8 838AFEFF |CALL 复件_Ekd.004065D0
0041DB4D  |.  25 FF000000 |AND EAX,0FF
0041DB52  |.  3BD8       |CMP EBX,EAX
0041DB54  |.  7F 24       |JG SHORT 复件_Ekd.0041DB7A
0041DB56  |.  8B8D E0FEFFFF |MOV ECX,DWORD PTR SS:[EBP-120]
0041DB5C  |.  6BC9 46    |IMUL ECX,ECX,46
0041DB5F  |.  81C1 C0F44A00 |ADD ECX,复件_Ekd.004AF4C0
0041DB65  |.  E8 A61B0400 |CALL 复件_Ekd.0045F710
0041DB6A  |.  50          |PUSH EAX                      ; /Arg3
0041DB6B  |.  68 ACB64800 |PUSH 复件_Ekd.0048B6AC          ; |Arg2 = 0048B6AC
0041DB70  |.  6A 02       |PUSH 2                         ; |Arg1 = 00000002
0041DB72  |.  E8 221B0100 |CALL 复件_Ekd.0042F699          ; \复件_Ekd.0042F699
0041DB77  |.  83C4 0C    |ADD ESP,0C
0041DB7A  |>^ E9 0BFFFFFF \JMP 复件_Ekd.0041DA8A
0041DB7F  |>  8B95 C8FEFFFF MOV EDX,DWORD PTR SS:[EBP-138]
0041DB85  |.  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
0041DB88  |.  E8 9F220200 CALL 复件_Ekd.0043FE2C
0041DB8D  |.  8B85 C8FEFFFF MOV EAX,DWORD PTR SS:[EBP-138]
0041DB93  |.  8B48 08    MOV ECX,DWORD PTR DS:[EAX+8]
0041DB96  |.  E8 2E210200 CALL 复件_Ekd.0043FCC9
0041DB9B  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
0041DBA2  |.  8D8D F0FEFFFF LEA ECX,DWORD PTR SS:[EBP-110]
0041DBA8  |.  E8 2357FEFF CALL 复件_Ekd.004032D0
0041DBAD  |>  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0041DBB0  |.  64:890D 00000>MOV DWORD PTR FS:[0],ECX
0041DBB7  |.  5B          POP EBX
0041DBB8  |.  8BE5       MOV ESP,EBP
0041DBBA  |.  5D          POP EBP
0041DBBB  \.  C3          RETN

0041D3D9  /$  55          PUSH EBP
0041D3DA  |.  8BEC          MOV EBP,ESP
0041D3DC  |.  51          PUSH ECX
0041D3DD  |.  53          PUSH EBX
0041D3DE  |.  894D FC       MOV DWORD PTR SS:[EBP-4],ECX
0041D3E1  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041D3E4  |.  8A08          MOV CL,BYTE PTR DS:[EAX]
0041D3E6  |.  51          PUSH ECX                               ; /Arg4
0041D3E7  |.  6A 04       PUSH 4                                  ; |Arg3 = 00000004
0041D3E9  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]          ; |
0041D3EC  |.  8A42 18       MOV AL,BYTE PTR DS:[EDX+18]             ; |
0041D3EF  |.  50          PUSH EAX                               ; |Arg2
0041D3F0  |.  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0041D3F3  |.  8A51 02       MOV DL,BYTE PTR DS:[ECX+2]             ; |
0041D3F6  |.  52          PUSH EDX                               ; |Arg1
0041D3F7  |.  B9 50424B00 MOV ECX,复件_Ekd.004B4250                ; |
0041D3FC  |.  E8 3C7F0300 CALL 复件_Ekd.0045533D                   ; \复件_Ekd.0045533D 确定使用对象
0041D401  |.  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
0041D404  |.  8841 03       MOV BYTE PTR DS:[ECX+3],AL 受用者的战场编号
0041D407  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]
0041D40A  |.  33C0          XOR EAX,EAX
0041D40C  |.  8A42 03       MOV AL,BYTE PTR DS:[EDX+3]
0041D40F  |.  3D FF000000 CMP EAX,0FF
0041D414  |.  75 05       JNZ SHORT 复件_Ekd.0041D41B
0041D416  |.  E9 BB000000 JMP 复件_Ekd.0041D4D6 点了取消，退出
0041D41B  |>  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
0041D41E  |.  33D2          XOR EDX,EDX
0041D420  |.  8A51 03       MOV DL,BYTE PTR DS:[ECX+3]
0041D423  |.  6BD2 24       IMUL EDX,EDX,24
0041D426  |.  81C2 502C4B00  ADD EDX,复件_Ekd.004B2C50
0041D42C  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041D42F  |.  8950 08       MOV DWORD PTR DS:[EAX+8],EDX
0041D432  |.  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
0041D435  |.  8B49 08       MOV ECX,DWORD PTR DS:[ECX+8]
0041D438  |.  E8 33220400 CALL 复件_Ekd.0045F670 获取武将ecx的data编号,就是受用武将
0041D43D  |.  6BC0 48       IMUL EAX,EAX,48
0041D440  |.  05 681B4A00 ADD EAX,复件_Ekd.004A1B68
0041D445  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]
0041D448  |.  8942 10       MOV DWORD PTR DS:[EDX+10],EAX
0041D44B  |.  6A 00       PUSH 0                                  ; /Arg3 = 00000000
0041D44D  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]          ; |
0041D450  |.  8A48 03       MOV CL,BYTE PTR DS:[EAX+3]             ; |
0041D453  |.  51          PUSH ECX                               ; |Arg2
0041D454  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]          ; |
0041D457  |.  8A02          MOV AL,BYTE PTR DS:[EDX]                ; |
0041D459  |.  50          PUSH EAX                               ; |Arg1
0041D45A  |.  E8 8AF0FFFF CALL 复件_Ekd.0041C4E9                   ; \复件_Ekd.0041C4E9
0041D45F  |.  83C4 0C       ADD ESP,0C
0041D462  |.  85C0          TEST EAX,EAX
0041D464  |.  75 02       JNZ SHORT 复件_Ekd.0041D468
0041D466  |.  EB 6E       JMP SHORT 复件_Ekd.0041D4D6 退出
0041D468  |>  68 FF000000 PUSH 0FF                               ; /Arg1 = 000000FF
0041D46D  |.  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0041D470  |.  E8 EDF2FFFF CALL 复件_Ekd.0041C762                   ; \复件_Ekd.0041C762 绘图

0041D475  |.  6A 01       PUSH 1
0041D477  |.  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
0041D47A  |.  8B49 10       MOV ECX,DWORD PTR DS:[ECX+10]
0041D47D  |.  E8 CE91FEFF CALL 复件_Ekd.00406650 获取武将ecx的经验
0041D482  |.  8AD8          MOV BL,AL
0041D484  |.  81E3 FF000000  AND EBX,0FF
0041D48A  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]
0041D48D  |.  8B4A 14       MOV ECX,DWORD PTR DS:[EDX+14]
0041D490  |.  E8 DB080000 CALL 复件_Ekd.0041DD70 获取ecx武将的攻击力，不含装备加成效果
0041D495  |.  25 FF000000 AND EAX,0FF                            ; |
0041D49A  |.  03D8          ADD EBX,EAX                            ; |
0041D49C  |.  53          PUSH EBX                               ; |Arg1
0041D49D  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]          ; |
0041D4A0  |.  8B48 10       MOV ECX,DWORD PTR DS:[EAX+10]          ; |
0041D4A3  |.  E8 A8B4FEFF CALL 复件_Ekd.00408950                   ; \复件_Ekd.00408950 升级函数
0041D4A8  |.  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
0041D4AB  |.  8B49 10       MOV ECX,DWORD PTR DS:[ECX+10]
0041D4AE  |.  E8 689DFEFF CALL 复件_Ekd.0040721B 获取ecx武将带上装备后的HP
0041D4B3  |.  50          PUSH EAX                               ; /Arg1
0041D4B4  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]          ; |
0041D4B7  |.  8B4A 08       MOV ECX,DWORD PTR DS:[EDX+8]          ; |
0041D4BA  |.  E8 0E220200 CALL 复件_Ekd.0043F6CD ; \ 设置ecx武将的HP值，如果大于加上装备后的最大值，按最大值算
0041D4BF  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041D4C2  |.  8B48 10       MOV ECX,DWORD PTR DS:[EAX+10]
0041D4C5  |.  E8 809DFEFF CALL 复件_Ekd.0040724A 获取ecx武将带上装备后的MP
0041D4CA  |.  50          PUSH EAX                               ; /Arg1
0041D4CB  |.  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0041D4CE  |.  8B49 08       MOV ECX,DWORD PTR DS:[ECX+8]          ; |
0041D4D1  |.  E8 38220200 CALL 复件_Ekd.0043F70E                   ; \复件_Ekd.0043F70E  设置ecx武将的MP值
0041D4D6  |>  5B          POP EBX
0041D4D7  |.  8BE5          MOV ESP,EBP
0041D4D9  |.  5D          POP EBP
0041D4DA  \.  C3          RETN

升级判断函数：
00408950  /$  55          PUSH EBP
00408951  |.  8BEC          MOV EBP,ESP
00408953  |.  83EC 08       SUB ESP,8
00408956  |.  894D F8       MOV DWORD PTR SS:[EBP-8],ECX
00408959  |.  8B4D F8       MOV ECX,DWORD PTR SS:[EBP-8]
0040895C  |.  E8 9F0B0000 CALL WaGan.00409500 获取武将ecx的武将代码(曹操为0x1000)，并只保留低12位
00408961  |.  8945 FC       MOV DWORD PTR SS:[EBP-4],EAX
00408964  |.  837D FC FF    CMP DWORD PTR SS:[EBP-4],-1
00408968  |.  73 0D       JNB SHORT WaGan.00408977
0040896A  |.  8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
0040896D  |.  33C9          XOR ECX,ECX
0040896F  |.  8A48 2C       MOV CL,BYTE PTR DS:[EAX+2C]
00408972  |.  83F9 63       CMP ECX,63
00408975  |.  72 02       JB SHORT WaGan.00408979 经验值不小于等于99，转入升级
00408977  |>  EB 4C       JMP SHORT WaGan.004089C5 退出
00408979  |>  EB 09       JMP SHORT WaGan.00408984
0040897B  |>  8B55 08       /MOV EDX,DWORD PTR SS:[EBP+8]
0040897E  |.  83EA 64       |SUB EDX,64
00408981  |.  8955 08       |MOV DWORD PTR SS:[EBP+8],EDX
00408984  |>  837D 08 64    CMP DWORD PTR SS:[EBP+8],64
00408988  |.  72 10       |JB SHORT WaGan.0040899A 经验小于100就跳出
0040898A  |.  8B45 0C       |MOV EAX,DWORD PTR SS:[EBP+C]
0040898D  |.  50          |PUSH EAX
0040898E  |.  6A 01       |PUSH 1
00408990  |.  8B4D F8       |MOV ECX,DWORD PTR SS:[EBP-8]
00408993  |.  E8 20EAFFFF |CALL WaGan.004073B8 升级处理函数
00408998  |.^ EB E1       \JMP SHORT WaGan.0040897B
0040899A  |>  8B4D F8       MOV ECX,DWORD PTR SS:[EBP-8]
0040899D  |.  33D2          XOR EDX,EDX
0040899F  |.  8A51 2C       MOV DL,BYTE PTR DS:[ECX+2C]
004089A2  |.  83FA 3C       CMP EDX,3C
004089A5  |.  72 09       JB SHORT WaGan.004089B0
004089A7  |.  8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
004089AA  |.  C640 2D FF    MOV BYTE PTR DS:[EAX+2D],0FF
004089AE  |.  EB 09       JMP SHORT WaGan.004089B9
004089B0  |>  8B4D F8       MOV ECX,DWORD PTR SS:[EBP-8]
004089B3  |.  8A55 08       MOV DL,BYTE PTR SS:[EBP+8]
004089B6  |.  8851 2D       MOV BYTE PTR DS:[ECX+2D],DL
004089B9  |>  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
004089BC  |.  50          PUSH EAX                               ; /Arg1
004089BD  |.  E8 3F100700 CALL WaGan.00479A01                   ; \WaGan.00479A01  显示升级的那个武将框
004089C2  |.  83C4 04       ADD ESP,4
004089C5  |>  8BE5          MOV ESP,EBP
004089C7  |.  5D          POP EBP
004089C8  \.  C2 0800       RETN 8

吃恢复状态道具后面的代码：

0041CFFB  |.  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]
0041CFFE  |.  33D2          XOR EDX,EDX
0041D000  |.  8A51 01       MOV DL,BYTE PTR DS:[ECX+1]
0041D003  |.  8955 F8       MOV DWORD PTR SS:[EBP-8],EDX
0041D006  |.  8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
0041D009  |.  83E8 41       SUB EAX,41
0041D00C  |.  8945 F8       MOV DWORD PTR SS:[EBP-8],EAX
0041D00F  |.  837D F8 04    CMP DWORD PTR SS:[EBP-8],4
0041D013  |.  77 53       JA SHORT WaGan.0041D068
0041D015  |.  8B4D F8       MOV ECX,DWORD PTR SS:[EBP-8]
0041D018  |.  FF248D 6CD0410>JMP DWORD PTR DS:[ECX*4+41D06C]

0041D06C .  1FD04100    DD WaGan.0041D01F    分支表被用于 0041D018
0041D070 .  2ED04100    DD WaGan.0041D02E
0041D074 .  3DD04100    DD WaGan.0041D03D
0041D078 .  4CD04100    DD WaGan.0041D04C
0041D07C .  5BD04100    DD WaGan.0041D05B    万能药

0041D01F  |>  6A 08       PUSH 8                                  ; /Arg1 = 00000008
0041D021  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]          ; |
0041D024  |.  8B4A 08       MOV ECX,DWORD PTR DS:[EDX+8]          ; |
0041D027  |.  E8 74BDFFFF CALL WaGan.00418DA0                   ; \WaGan.00418DA0 解混乱
0041D02C  |.  EB 3A       JMP SHORT WaGan.0041D068
0041D02E  |>  6A 10       PUSH 10                               ; /Arg1 = 00000010
0041D030  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]          ; |
0041D033  |.  8B48 08       MOV ECX,DWORD PTR DS:[EAX+8]          ; |
0041D036  |.  E8 65BDFFFF CALL WaGan.00418DA0                   ; \WaGan.00418DA0
0041D03B  |.  EB 2B       JMP SHORT WaGan.0041D068 解中毒
0041D03D  |>  6A 02       PUSH 2                                  ; /Arg1 = 00000002
0041D03F  |.  8B4D FC       MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0041D042  |.  8B49 08       MOV ECX,DWORD PTR DS:[ECX+8]          ; |
0041D045  |.  E8 56BDFFFF CALL WaGan.00418DA0                   ; \WaGan.00418DA0
0041D04A  |.  EB 1C       JMP SHORT WaGan.0041D068 解麻痹
0041D04C  |>  6A 04       PUSH 4                                  ; /Arg1 = 00000004
0041D04E  |.  8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]          ; |
0041D051  |.  8B4A 08       MOV ECX,DWORD PTR DS:[EDX+8]          ; |
0041D054  |.  E8 47BDFFFF CALL WaGan.00418DA0                   ; \WaGan.00418DA0 解
0041D059  |.  EB 0D       JMP SHORT WaGan.0041D068
0041D05B  |>  6A 1E       PUSH 1E                               ; /Arg1 = 0000001E
0041D05D  |.  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]          ; |
0041D060  |.  8B48 08       MOV ECX,DWORD PTR DS:[EAX+8]          ; |
0041D063  |.  E8 38BDFFFF CALL WaGan.00418DA0                   ; \WaGan.00418DA0
0041D068  |>  8BE5          MOV ESP,EBP
0041D06A  |.  5D          POP EBP
0041D06B  \.  C3          RETN

--道具有效性信息显示：

0041C4E9  /$  55          PUSH EBP
0041C4EA  |.  8BEC       MOV EBP,ESP
0041C4EC  |.  83EC 14    SUB ESP,14
0041C4EF  |.  56          PUSH ESI
0041C4F0  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
0041C4F3  |.  81E1 FF000000 AND ECX,0FF
0041C4F9  |.  6BC9 19    IMUL ECX,ECX,19
0041C4FC  |.  81C1 40114A00 ADD ECX,WaGan.004A1140
0041C502  |.  E8 39D0FEFF CALL WaGan.00409540
0041C507  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
0041C50A  |.  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]
0041C50D  |.  25 FF000000 AND EAX,0FF
0041C512  |.  6BC0 24    IMUL EAX,EAX,24
0041C515  |.  05 502C4B00 ADD EAX,WaGan.004B2C50
0041C51A  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0041C51D  |.  C745 F4 01000>MOV DWORD PTR SS:[EBP-C],1
0041C524  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0041C527  |.  81E1 FF000000 AND ECX,0FF
0041C52D  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX
0041C530  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0041C533  |.  83EA 3F    SUB EDX,3F
0041C536  |.  8955 EC    MOV DWORD PTR SS:[EBP-14],EDX
0041C539    837D EC 0D CMP DWORD PTR SS:[EBP-14],0D
0041C53D    0F87 DF010000 JA WaGan.0041C722
0041C543  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0041C546  |.  FF2485 2AC741>JMP DWORD PTR DS:[EAX*4+41C72A]
0041C54D  |>  E9 D0010000 JMP WaGan.0041C722
0041C552  |>  837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C556  |.  74 15       JE SHORT WaGan.0041C56D
0041C558  |.  6A 08       PUSH 8                                                 ; /Arg1 = 00000008
0041C55A  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]                            ; |
0041C55D  |.  E8 7EA1FEFF CALL WaGan.004066E0                                     ; \WaGan.004066E0
0041C562  |.  85C0       TEST EAX,EAX
0041C564  |.  75 07       JNZ SHORT WaGan.0041C56D
0041C566  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C56D  |>  E9 B0010000 JMP WaGan.0041C722
0041C572  |>  837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C576  |.  74 15       JE SHORT WaGan.0041C58D
0041C578  |.  6A 10       PUSH 10                                                 ; /Arg1 = 00000010
0041C57A  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]                            ; |
0041C57D  |.  E8 5EA1FEFF CALL WaGan.004066E0                                     ; \WaGan.004066E0
0041C582  |.  85C0       TEST EAX,EAX
0041C584  |.  75 07       JNZ SHORT WaGan.0041C58D
0041C586  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C58D  |>  E9 90010000 JMP WaGan.0041C722
0041C592  |>  837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C596  |.  74 15       JE SHORT WaGan.0041C5AD
0041C598  |.  6A 02       PUSH 2                                                 ; /Arg1 = 00000002
0041C59A  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]                            ; |
0041C59D  |.  E8 3EA1FEFF CALL WaGan.004066E0                                     ; \WaGan.004066E0
0041C5A2  |.  85C0       TEST EAX,EAX
0041C5A4  |.  75 07       JNZ SHORT WaGan.0041C5AD
0041C5A6  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C5AD  |>  E9 70010000 JMP WaGan.0041C722
0041C5B2  |>  837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C5B6  |.  74 15       JE SHORT WaGan.0041C5CD
0041C5B8  |.  6A 04       PUSH 4                                                 ; /Arg1 = 00000004
0041C5BA  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]                            ; |
0041C5BD  |.  E8 1EA1FEFF CALL WaGan.004066E0                                     ; \WaGan.004066E0
0041C5C2  |.  85C0       TEST EAX,EAX
0041C5C4  |.  75 07       JNZ SHORT WaGan.0041C5CD
0041C5C6  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C5CD  |>  E9 50010000 JMP WaGan.0041C722
0041C5D2  |>  837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C5D6  |.  74 18       JE SHORT WaGan.0041C5F0
0041C5D8  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041C5DB  |.  E8 501A0000 CALL WaGan.0041E030
0041C5E0  |.  25 FF000000 AND EAX,0FF
0041C5E5  |.  85C0       TEST EAX,EAX
0041C5E7  |.  75 07       JNZ SHORT WaGan.0041C5F0
0041C5E9  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C5F0  |>  E9 2D010000 JMP WaGan.0041C722
0041C5F5  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041C5F8  |.  E8 73300400 CALL WaGan.0045F670
0041C5FD  |.  8BC8       MOV ECX,EAX
0041C5FF  |.  6BC9 48    IMUL ECX,ECX,48
0041C602  |.  81C1 0000D600 ADD ECX,0D60000
0041C608  |.  E8 C39FFEFF CALL WaGan.004065D0
0041C60D  |.  25 FF000000 AND EAX,0FF
0041C612  |.  83F8 63    CMP EAX,63
0041C615  |.  72 1C       JB SHORT WaGan.0041C633
0041C617  |.  837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C61B  |.  75 0F       JNZ SHORT WaGan.0041C62C
0041C61D  |.  68 3CB64800 PUSH WaGan.0048B63C                                     ; /Arg2 = 0048B63C
0041C622  |.  6A 02       PUSH 2                                                 ; |Arg1 = 00000002
0041C624  |.  E8 70300100 CALL WaGan.0042F699                                     ; \WaGan.0042F699
0041C629  |.  83C4 08    ADD ESP,8
0041C62C  |>  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C633  |>  E9 EA000000 JMP WaGan.0041C722
0041C638  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041C63B  |.  E8 30300400 CALL WaGan.0045F670
0041C640  |.  8BC8       MOV ECX,EAX
0041C642  |.  6BC9 48    IMUL ECX,ECX,48
0041C645  |.  81C1 0000D600 ADD ECX,0D60000
0041C64B  |.  E8 C09FFEFF CALL WaGan.00406610
0041C650  |.  8845 F0    MOV BYTE PTR SS:[EBP-10],AL
0041C653  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
0041C656  |.  81E1 FF000000 AND ECX,0FF
0041C65C  |.  83F9 26    CMP ECX,26
0041C65F  |.  7E 21       JLE SHORT WaGan.0041C682
0041C661  |.  837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C665  |.  75 0F       JNZ SHORT WaGan.0041C676
0041C667  |.  68 4CB64800 PUSH WaGan.0048B64C                                     ; /Arg2 = 0048B64C
0041C66C  |.  6A 02       PUSH 2                                                 ; |Arg1 = 00000002
0041C66E  |.  E8 26300100 CALL WaGan.0042F699                                     ; \WaGan.0042F699
0041C673  |.  83C4 08    ADD ESP,8
0041C676  |>  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C67D  |.  E9 A0000000 JMP WaGan.0041C722
0041C682  |>  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
0041C685  |.  25 FF000000 AND EAX,0FF
0041C68A  |.  99          CDQ
0041C68B  |.  B9 03000000 MOV ECX,3
0041C690  |.  F7F9       IDIV ECX
0041C692  |.  83FA 02    CMP EDX,2
0041C695  |.  75 1E       JNZ SHORT WaGan.0041C6B5
0041C697  |.  837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C69B  |.  75 0F       JNZ SHORT WaGan.0041C6AC
0041C69D  |.  68 68B64800 PUSH WaGan.0048B668                                     ; /Arg2 = 0048B668
0041C6A2  |.  6A 02       PUSH 2                                                 ; |Arg1 = 00000002
0041C6A4  |.  E8 F02F0100 CALL WaGan.0042F699                                     ; \WaGan.0042F699
0041C6A9  |.  83C4 08    ADD ESP,8
0041C6AC  |>  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C6B3  |.  EB 6D       JMP SHORT WaGan.0041C722
0041C6B5  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041C6B8  |.  E8 B32F0400 CALL WaGan.0045F670
0041C6BD  |.  8BC8       MOV ECX,EAX
0041C6BF  |.  6BC9 48    IMUL ECX,ECX,48
0041C6C2  |.  81C1 0000D600 ADD ECX,0D60000
0041C6C8  |.  E8 039FFEFF CALL WaGan.004065D0
0041C6CD  |.  8AC8       MOV CL,AL
0041C6CF  |.  81E1 FF000000 AND ECX,0FF
0041C6D5  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
0041C6D8  |.  25 FF000000 AND EAX,0FF
0041C6DD  |.  99          CDQ
0041C6DE  |.  BE 03000000 MOV ESI,3
0041C6E3  |.  F7FE       IDIV ESI
0041C6E5  |.  83C2 01    ADD EDX,1
0041C6E8  |.  6BD2 14    IMUL EDX,EDX,14
0041C6EB  |.  3BCA       CMP ECX,EDX
0041C6ED  |.  7D 33       JGE SHORT WaGan.0041C722
0041C6EF  |.  837D 10 00 CMP DWORD PTR SS:[EBP+10],0
0041C6F3  |.  75 26       JNZ SHORT WaGan.0041C71B
0041C6F5  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
0041C6F8  |.  25 FF000000 AND EAX,0FF
0041C6FD  |.  99          CDQ
0041C6FE  |.  B9 03000000 MOV ECX,3
0041C703  |.  F7F9       IDIV ECX
0041C705  |.  83C2 01    ADD EDX,1
0041C708  |.  6BD2 14    IMUL EDX,EDX,14
0041C70B  |.  52          PUSH EDX                                                 ; /Arg3
0041C70C  |.  68 7CB64800 PUSH WaGan.0048B67C                                     ; |Arg2 = 0048B67C
0041C711  |.  6A 02       PUSH 2                                                 ; |Arg1 = 00000002
0041C713  |.  E8 812F0100 CALL WaGan.0042F699                                     ; \WaGan.0042F699
0041C718  |.  83C4 0C    ADD ESP,0C
0041C71B  |>  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
0041C722  |>  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
0041C725  |.  5E          POP ESI
0041C726  |.  8BE5       MOV ESP,EBP
0041C728  |.  5D          POP EBP
0041C729  \.  C3          RETN
0041C72A .  4DC54100    DD WaGan.0041C54D                                        ;  分支表被用于 0041C546
0041C72E .  22C74100    DD WaGan.0041C722
0041C732 .  52C54100    DD WaGan.0041C552
0041C736 .  72C54100    DD WaGan.0041C572
0041C73A .  92C54100    DD WaGan.0041C592
0041C73E .  B2C54100    DD WaGan.0041C5B2
0041C742 .  D2C54100    DD WaGan.0041C5D2
0041C746 .  22C74100    DD WaGan.0041C722
0041C74A .  22C74100    DD WaGan.0041C722
0041C74E .  22C74100    DD WaGan.0041C722
0041C752 .  22C74100    DD WaGan.0041C722
0041C756 .  22C74100    DD WaGan.0041C722
0041C75A .  F5C54100    DD WaGan.0041C5F5
0041C75E .  38C64100    DD WaGan.0041C638

修改了双字节能力后的能力设置

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#43

发表于 2007-12-30 21:34 资料个人空间短消息只看该作者

从Data读信息入内存(关于道具)

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#44

发表于 2007-12-30 21:35 资料个人空间短消息只看该作者

处理反击

004063A4  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004063A7  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
004063AA  |.  8A51 10    MOV DL,BYTE PTR DS:[ECX+10]
004063AD  |.  8850 01    MOV BYTE PTR DS:[EAX+1],DL
004063B0  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
004063B3  |.  33C9       XOR ECX,ECX
004063B5  |.  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]
004063B8  |.  6BC9 24    IMUL ECX,ECX,24
004063BB  |.  81C1 502C4B00 ADD ECX,Ekd5大白.004B2C50
004063C1  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
004063C4  |.  833D 042E4900>CMP DWORD PTR DS:[492E04],1
004063CB  |.  77 27       JA SHORT Ekd5大白.004063F4          退出没有攻击
004063CD  |.  833D 042E4900>CMP DWORD PTR DS:[492E04],0
004063D4  |.  76 2D       JBE SHORT Ekd5大白.00406403             正常反击不用28判断

004063D6  |.  6A 28       PUSH 28 反击后反击
004063D8  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004063DB  |.  E8 90920500 CALL Ekd5大白.0045F670 获取武将ecx的data编号
004063E0  |.  8BC8       MOV ECX,EAX                            ; |
004063E2  |.  6BC9 48    IMUL ECX,ECX,48                         ; |
004063E5  |.  81C1 0000D600 ADD ECX,0D60000                         ; |
004063EB  |.  E8 19160000 CALL Ekd5大白.00407A09             ; \Ekd5大白.00407A09  检测武将ecx是否装备特殊效果为08栈的特殊道具
004063F0  |.  85C0       TEST EAX,EAX
004063F2  |.  75 0F       JNZ SHORT Ekd5大白.00406403          反击后再反击

004063F4  |>  C705 042E4900>MOV DWORD PTR DS:[492E04],0
004063FE  |.  E9 E9000000 JMP Ekd5大白.004064EC                退出没有攻击

00406403  |>  C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
0040640A  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0040640D  |.  E8 4ECFFFFF CALL Ekd5大白.00403360          //把ECX+6
00406412  |.  50          PUSH EAX                               ; /Arg1
00406413  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00406416  |.  81C1 25040000 ADD ECX,425                            ; |
0040641C  |.  E8 7F010000 CALL Ekd5大白.004065A0                   ; \Ekd5大白.004065A0
00406421  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00406424  |.  E8 95940300 CALL Ekd5大白.0043F8BE (获取反击武将兵种攻击范围)

00406429  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
0040642C  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
0040642F  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
00406431  |.  A2 282C4B00 MOV BYTE PTR DS:[4B2C28],AL
00406436  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00406439  |.  E8 52C80600 CALL Ekd5大白.00472C90 返回反击武将的当前体力
0040643E  |.  85C0       TEST EAX,EAX
00406440  |.  75 09       JNZ SHORT Ekd5大白.0040644B
00406442  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406449  |.  EB 64       JMP SHORT Ekd5大白.004064AF          退出，反击武将HP等于0

0040644B  |>  6A 08       PUSH 8                                  ; /Arg1 = 00000008
0040644D  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00406450  |.  E8 8B020000 CALL Ekd5大白.004066E0                   ; \Ekd5大白.004066E0
00406455  |.  85C0       TEST EAX,EAX
00406457  |.  74 09       JE SHORT Ekd5大白.00406462
00406459  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00406460  |.  EB 4D       JMP SHORT Ekd5大白.004064AF 退出，反击武将当前处于混乱中

00406462  |>  6A 2C       PUSH 2C                               ; /Arg1 = 0000002C
00406464  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00406467  |.  8B49 08    MOV ECX,DWORD PTR DS:[ECX+8]          ; |  垃圾代码
0040646A  |.  E8 9A150000 CALL Ekd5大白.00407A09                   ; \Ekd5大白.00407A09 被反击武将是否为无反击攻击

0040646F  |.  85C0       TEST EAX,EAX
00406471  |.  74 09       JE SHORT Ekd5大白.0040647C
00406473  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0040647A  |.  EB 33       JMP SHORT Ekd5大白.004064AF          退出，被反击武将是无反击攻击

0040647C  |>  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10] //被反击
0040647F  |.  33C0       XOR EAX,EAX
00406481  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
00406483  |.  8BF0       MOV ESI,EAX
00406485  |.  6A 00       PUSH 0                                  ; /Arg4 = 00000000
00406487  |.  6A 00       PUSH 0                                  ; |Arg3 = 00000000
00406489  |.  8A4D F4    MOV CL,BYTE PTR SS:[EBP-C]             ; |
0040648C  |.  51          PUSH ECX                               ; |Arg2
0040648D  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]          ; |
00406490  |.  81C2 25040000 ADD EDX,425                            ; |
00406496  |.  52          PUSH EDX                               ; |Arg1       这个是特殊内存地址的值
00406497  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0040649A  |.  E8 E7000300 CALL Ekd5大白.00436586                   ; \Ekd5大白.00436586
0040649F  |.  25 FF000000 AND EAX,0FF
004064A4  |.  3BF0       CMP ESI,EAX
004064A6  |.  74 07       JE SHORT Ekd5大白.004064AF
004064A8  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
004064AF  |>  837D F8 00 CMP DWORD PTR SS:[EBP-8],0
004064B3  |.  74 37       JE SHORT Ekd5大白.004064EC    退出，无反击

004064B5  |.  A1 042E4900 MOV EAX,DWORD PTR DS:[492E04]
004064BA  |.  83C0 01    ADD EAX,1
004064BD  |.  A3 042E4900 MOV DWORD PTR DS:[492E04],EAX
004064C2  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
004064C5  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
004064C7  |.  52          PUSH EDX                               ; /Arg2
004064C8  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]          ; |
004064CB  |.  8A48 01    MOV CL,BYTE PTR DS:[EAX+1]             ; |
004064CE  |.  51          PUSH ECX                               ; |Arg1
004064CF  |.  E8 55F30200 CALL Ekd5大白.00435829                   ; \Ekd5大白.00435829
004064D4  |.  83C4 08    ADD ESP,8
004064D7  |.  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
004064DA  |.  8A02       MOV AL,BYTE PTR DS:[EDX]

004064DC  |.  50          PUSH EAX                               ; /Arg2  反击者
004064DD  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
004064E0  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]             ; |
004064E3  |.  52          PUSH EDX                               ; |Arg1  被反击者
004064E4  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
004064E7  |.  E8 05000000 CALL Ekd5大白.004064F1                   ; \Ekd5大白.004064F1 开始攻击进入攻击
004064EC  |>  5E          POP ESI
004064ED  |.  8BE5       MOV ESP,EBP
004064EF  |.  5D          POP EBP
004064F0  \.  C3          RETN

///////////////////////////////////////////////////////////////////////////////////攻击范围判断的
0043F8BE  /$  55          PUSH EBP
0043F8BF  |.  8BEC       MOV EBP,ESP
0043F8C1  |.  51          PUSH ECX
0043F8C2  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
0043F8C5  |.  6A 2A       PUSH 2A                               ; /Arg1 = 0000002A
0043F8C7  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]          ; |
0043F8CA  |.  8B08       MOV ECX,DWORD PTR DS:[EAX]             ; |
0043F8CC  |.  6BC9 48    IMUL ECX,ECX,48                         ; |
0043F8CF  |.  81C1 681B4A00 ADD ECX,雪芸.004A1B68                   ; |
0043F8D5  |.  E8 2F81FCFF CALL 雪芸.00407A09                      ; \雪芸.00407A09 判断是否带有远距离攻击的宝物
0043F8DA  |.  85C0       TEST EAX,EAX
0043F8DC  |.  74 17       JE SHORT 雪芸.0043F8F5
0043F8DE  |.  6A 2A       PUSH 2A                               ; /Arg1 = 0000002A
0043F8E0  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0043F8E3  |.  8B09       MOV ECX,DWORD PTR DS:[ECX]             ; |
0043F8E5  |.  6BC9 48    IMUL ECX,ECX,48                         ; |
0043F8E8  |.  81C1 681B4A00 ADD ECX,雪芸.004A1B68                   ; |
0043F8EE  |.  E8 FF81FCFF CALL 雪芸.00407AF2             ; \雪芸.00407AF2  获取武将ecx装备特殊效果为08栈的特殊道具的特殊效果值
0043F8F3  |.  EB 1E       JMP SHORT 雪芸.0043F913 （这就是所谓的兵种覆盖宝物）
0043F8F5  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0043F8F8  |.  E8 73E6FDFF CALL 雪芸.0041DF70 获取武将ecx的兵种
0043F8FD  |.  8AC8       MOV CL,AL
0043F8FF  |.  81E1 FF000000 AND ECX,0FF
0043F905  |.  6BC9 1B    IMUL ECX,ECX,1B                      乘以27（共27种职业）
0043F908  |.  81C1 A0BF4A00 ADD ECX,雪芸.004ABFA0
0043F90E  |.  E8 8D000100 CALL 雪芸.0044F9A0                      ;  获取兵种的攻击范围
0043F913  |>  8BE5       MOV ESP,EBP
0043F915  |.  5D          POP EBP
0043F916  \.  C3          RETN

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#45

发表于 2007-12-30 21:36 资料个人空间短消息只看该作者

撤退台词

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#46

发表于 2007-12-30 21:37 资料个人空间短消息只看该作者

策略

00425627  /$  55          PUSH EBP
00425628  |.  8BEC       MOV EBP,ESP
0042562A  |.  83EC 08    SUB ESP,8
0042562D  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
00425630  |.  8A45 0C    MOV AL,BYTE PTR SS:[EBP+C]
00425633  |.  50          PUSH EAX                               ; /Arg2
00425634  |.  8A4D 08    MOV CL,BYTE PTR SS:[EBP+8]             ; |
00425637  |.  51          PUSH ECX                               ; |Arg1
00425638  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0042563B  |.  E8 A1FBFFFF CALL 雪芸.004251E1                      ; \雪芸.004251E1

00425640  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00425643  |.  8B4A 08    MOV ECX,DWORD PTR DS:[EDX+8]
00425646  |.  E8 85040000 CALL 雪芸.00425AD0
0042564B  |.  25 FF000000 AND EAX,0FF
00425650  |.  33C9       XOR ECX,ECX
00425652  |.  83F8 07    CMP EAX,7
00425655  |.  0F94C1       SETE CL

00425658  |.  51          PUSH ECX                               ; /Arg3
00425659  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]          ; |
0042565C  |.  8A42 01    MOV AL,BYTE PTR DS:[EDX+1]             ; |
0042565F  |.  50          PUSH EAX                               ; |Arg2
00425660  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00425663  |.  8A11       MOV DL,BYTE PTR DS:[ECX]                ; |
00425665  |.  52          PUSH EDX                               ; |Arg1
00425666  |.  E8 5EA8FFFF CALL 雪芸.0041FEC9                      ; \雪芸.0041FEC9
0042566B  |.  83C4 0C    ADD ESP,0C
0042566E  |.  85C0       TEST EAX,EAX
00425670  |.  75 0E       JNZ SHORT 雪芸.00425680
00425672  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00425675  |.  8B80 AC040000 MOV EAX,DWORD PTR DS:[EAX+4AC]
0042567B  |.  E9 3D030000 JMP 雪芸.004259BD
00425680  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425683  |.  33D2       XOR EDX,EDX
00425685  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
00425687  |.  33C0       XOR EAX,EAX
00425689  |.  8A82 C0664800 MOV AL,BYTE PTR DS:[EDX+4866C0]
0042568F  |.  83F8 63    CMP EAX,63
00425692  |.  7E 37       JLE SHORT 雪芸.004256CB
00425694  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425697  |.  33D2       XOR EDX,EDX
00425699  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
0042569B  |.  33C0       XOR EAX,EAX
0042569D  |.  8A82 C0664800 MOV AL,BYTE PTR DS:[EDX+4866C0]
004256A3  |.  3D FF000000 CMP EAX,0FF
004256A8  |.  74 21       JE SHORT 雪芸.004256CB
004256AA  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004256AD  |.  33D2       XOR EDX,EDX
004256AF  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
004256B1  |.  8A82 C0664800 MOV AL,BYTE PTR DS:[EDX+4866C0]
004256B7  |.  50          PUSH EAX                               ; /Arg1
004256B8  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
004256BB  |.  E8 3FC1FFFF CALL 雪芸.004217FF                      ; \雪芸.004217FF
004256C0  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004256C3  |.  8981 B0040000 MOV DWORD PTR DS:[ECX+4B0],EAX
004256C9  |.  EB 0D       JMP SHORT 雪芸.004256D8
004256CB  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
004256CE  |.  C782 B0040000>MOV DWORD PTR DS:[EDX+4B0],0
004256D8  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004256DB  |.  33C9       XOR ECX,ECX
004256DD  |.  8A08       MOV CL,BYTE PTR DS:[EAX]
004256DF  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
004256E2  |.  837D F8 43 CMP DWORD PTR SS:[EBP-8],43
004256E6  |.  0F87 A0020000 JA 雪芸.0042598C
004256EC  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
004256EF  |.  33D2       XOR EDX,EDX
004256F1  |.  8A90 3F5A4200 MOV DL,BYTE PTR DS:[EAX+425A3F]
004256F7  |.  FF2495 C35942>JMP DWORD PTR DS:[EDX*4+4259C3]
004256FE  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425701  |.  C681 54020000>MOV BYTE PTR DS:[ECX+254],40 损HP
00425708  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0042570B  |.  E8 2EDAFFFF CALL 雪芸.0042313E
00425710  |.  E9 81020000 JMP 雪芸.00425996

00425715  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00425718  |.  C682 54020000>MOV BYTE PTR DS:[EDX+254],50
0042571F  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425722  |.  E8 17DAFFFF CALL 雪芸.0042313E
00425727  |.  E9 6A020000 JMP 雪芸.00425996

0042572C  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4] 砂暴
0042572F  |.  C680 54020000>MOV BYTE PTR DS:[EAX+254],40
00425736  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425739  |.  E8 FCEAFFFF CALL 雪芸.0042423A
0042573E  |.  E9 53020000 JMP 雪芸.00425996

00425743  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425746  |.  C681 54020000>MOV BYTE PTR DS:[ECX+254],62
0042574D  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
0042574F  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00425752  |.  E8 04DCFFFF CALL 雪芸.0042335B                      ; \雪芸.0042335B
00425757  |.  E9 3A020000 JMP 雪芸.00425996

0042575C  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0042575F  |.  C682 54020000>MOV BYTE PTR DS:[EDX+254],64
00425766  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
00425768  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0042576B  |.  E8 EBDBFFFF CALL 雪芸.0042335B                      ; \雪芸.0042335B
00425770  |.  E9 21020000 JMP 雪芸.00425996

00425775  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00425778  |.  C680 54020000>MOV BYTE PTR DS:[EAX+254],60
0042577F  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
00425781  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00425784  |.  E8 D2DBFFFF CALL 雪芸.0042335B                      ; \雪芸.0042335B
00425789  |.  E9 08020000 JMP 雪芸.00425996

0042578E  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425791  |.  C681 54020000>MOV BYTE PTR DS:[ECX+254],61
00425798  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
0042579A  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0042579D  |.  E8 B9DBFFFF CALL 雪芸.0042335B                      ; \雪芸.0042335B
004257A2  |.  E9 EF010000 JMP 雪芸.00425996

004257A7  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
004257AA  |.  C682 54020000>MOV BYTE PTR DS:[EDX+254],70
004257B1  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
004257B3  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
004257B6  |.  E8 8EDDFFFF CALL 雪芸.00423549                      ; \雪芸.00423549
004257BB  |.  E9 D6010000 JMP 雪芸.00425996

004257C0  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004257C3  |.  C680 54020000>MOV BYTE PTR DS:[EAX+254],71
004257CA  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
004257CC  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
004257CF  |.  E8 75DDFFFF CALL 雪芸.00423549                      ; \雪芸.00423549
004257D4  |.  E9 BD010000 JMP 雪芸.00425996

004257D9  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004257DC  |.  C681 54020000>MOV BYTE PTR DS:[ECX+254],72
004257E3  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
004257E5  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
004257E8  |.  E8 5CDDFFFF CALL 雪芸.00423549                      ; \雪芸.00423549
004257ED  |.  E9 A4010000 JMP 雪芸.00425996

004257F2  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
004257F5  |.  C682 54020000>MOV BYTE PTR DS:[EDX+254],74
004257FC  |.  6A 00       PUSH 0                                  ; /Arg1 = 00000000
004257FE  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00425801  |.  E8 43DDFFFF CALL 雪芸.00423549                      ; \雪芸.00423549
00425806  |.  E9 8B010000 JMP 雪芸.00425996

0042580B  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0042580E  |.  C680 54020000>MOV BYTE PTR DS:[EAX+254],80
00425815  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425818  |.  E8 70DFFFFF CALL 雪芸.0042378D
0042581D  |.  E9 74010000 JMP 雪芸.00425996

00425822  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425825  |.  C681 54020000>MOV BYTE PTR DS:[ECX+254],90
0042582C  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0042582F  |.  E8 59DFFFFF CALL 雪芸.0042378D
00425834  |.  E9 5D010000 JMP 雪芸.00425996

00425839  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0042583C  |.  C682 54020000>MOV BYTE PTR DS:[EDX+254],0A8
00425843  |.  6A 01       PUSH 1                                  ; /Arg1 = 00000001
00425845  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00425848  |.  E8 0EDBFFFF CALL 雪芸.0042335B                      ; \雪芸.0042335B
0042584D  |.  E9 44010000 JMP 雪芸.00425996

00425852  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00425855  |.  C680 54020000>MOV BYTE PTR DS:[EAX+254],0A2
0042585C  |.  6A 01       PUSH 1                                  ; /Arg1 = 00000001
0042585E  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00425861  |.  E8 F5DAFFFF CALL 雪芸.0042335B                      ; \雪芸.0042335B
00425866  |.  E9 2B010000 JMP 雪芸.00425996

0042586B  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0042586E  |.  C681 54020000>MOV BYTE PTR DS:[ECX+254],0A4
00425875  |.  6A 01       PUSH 1                                  ; /Arg1 = 00000001
00425877  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
0042587A  |.  E8 DCDAFFFF CALL 雪芸.0042335B                      ; \雪芸.0042335B
0042587F  |.  E9 12010000 JMP 雪芸.00425996

00425884  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00425887  |.  C682 54020000>MOV BYTE PTR DS:[EDX+254],0A0
0042588E  |.  6A 01       PUSH 1                                  ; /Arg1 = 00000001
00425890  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00425893  |.  E8 C3DAFFFF CALL 雪芸.0042335B                      ; \雪芸.0042335B
00425898  |.  E9 F9000000 JMP 雪芸.00425996

0042589D  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004258A0  |.  C680 54020000>MOV BYTE PTR DS:[EAX+254],0A1
004258A7  |.  6A 01       PUSH 1                                  ; /Arg1 = 00000001
004258A9  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
004258AC  |.  E8 AADAFFFF CALL 雪芸.0042335B                      ; \雪芸.0042335B
004258B1  |.  E9 E0000000 JMP 雪芸.00425996

004258B6  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004258B9  |.  C681 54020000>MOV BYTE PTR DS:[ECX+254],0BF
004258C0  |.  6A 01       PUSH 1                                  ; /Arg1 = 00000001
004258C2  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
004258C5  |.  E8 7FDCFFFF CALL 雪芸.00423549                      ; \雪芸.00423549
004258CA  |.  E9 C7000000 JMP 雪芸.00425996

004258CF  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
004258D2  |.  C682 54020000>MOV BYTE PTR DS:[EDX+254],0B8
004258D9  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004258DC  |.  E8 7FE0FFFF CALL 雪芸.00423960
004258E1  |.  E9 B0000000 JMP 雪芸.00425996

004258E6  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004258E9  |.  C680 54020000>MOV BYTE PTR DS:[EAX+254],0FF
004258F0  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004258F3  |.  E8 E4E5FFFF CALL 雪芸.00423EDC
004258F8  |.  E9 99000000 JMP 雪芸.00425996

004258FD  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425900  |.  C681 54020000>MOV BYTE PTR DS:[ECX+254],0C0
00425907  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0042590A  |.  E8 20E2FFFF CALL 雪芸.00423B2F
0042590F  |.  E9 82000000 JMP 雪芸.00425996

00425914  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00425917  |.  C682 54020000>MOV BYTE PTR DS:[EDX+254],0A0
0042591E  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425921  |.  E8 9AE3FFFF CALL 雪芸.00423CC0
00425926  |.  EB 6E       JMP SHORT 雪芸.00425996

00425928  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0042592B  |.  C680 54020000>MOV BYTE PTR DS:[EAX+254],0AF
00425932  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425935  |.  E8 86E3FFFF CALL 雪芸.00423CC0
0042593A  |.  EB 5A       JMP SHORT 雪芸.00425996

0042593C  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0042593F  |.  C681 54020000>MOV BYTE PTR DS:[ECX+254],90
00425946  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425949  |.  E8 1EE4FFFF CALL 雪芸.00423D6C
0042594E  |.  EB 46       JMP SHORT 雪芸.00425996

00425950  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00425953  |.  C682 54020000>MOV BYTE PTR DS:[EDX+254],40
0042595A  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0042595D  |.  E8 3CF5FFFF CALL 雪芸.00424E9E
00425962  |.  EB 32       JMP SHORT 雪芸.00425996

00425964  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00425967  |.  C680 54020000>MOV BYTE PTR DS:[EAX+254],0FF
0042596E  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425971  |.  E8 9AEEFFFF CALL 雪芸.00424810
00425976  |.  EB 1E       JMP SHORT 雪芸.00425996

00425978  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0042597B  |.  C681 54020000>MOV BYTE PTR DS:[ECX+254],0BF
00425982  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00425985  |.  E8 89EBFFFF CALL 雪芸.00424513
0042598A  |.  EB 0A       JMP SHORT 雪芸.00425996

0042598C  |>  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0042598F  |.  C682 54020000>MOV BYTE PTR DS:[EDX+254],0

00425996  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00425999  |.  83B8 B0040000>CMP DWORD PTR DS:[EAX+4B0],0
004259A0  |.  74 0A       JE SHORT 雪芸.004259AC
004259A2  |.  B9 88274900 MOV ECX,雪芸.00492788
004259A7  |.  E8 EFCCFDFF CALL 雪芸.0040269B
004259AC  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004259AF  |.  E8 59D5FFFF CALL 雪芸.00422F0D
004259B4  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004259B7  |.  8B81 AC040000 MOV EAX,DWORD PTR DS:[ECX+4AC]
004259BD  |>  8BE5       MOV ESP,EBP
004259BF  |.  5D          POP EBP
004259C0  \.  C2 0800    RETN 8

004259C3 .  FE564200    DD 雪芸.004256FE                         ;  分支表被用于 004256F7
004259C7 .  2C574200    DD 雪芸.0042572C
004259CB .  FE564200    DD 雪芸.004256FE
004259CF .  15574200    DD 雪芸.00425715
004259D3 .  43574200    DD 雪芸.00425743
004259D7 .  5C574200    DD 雪芸.0042575C
004259DB .  75574200    DD 雪芸.00425775
004259DF .  8E574200    DD 雪芸.0042578E
004259E3 .  C0574200    DD 雪芸.004257C0
004259E7 .  A7574200    DD 雪芸.004257A7
004259EB .  D9574200    DD 雪芸.004257D9
004259EF .  F2574200    DD 雪芸.004257F2
004259F3 .  E6584200    DD 雪芸.004258E6
004259F7 .  0B584200    DD 雪芸.0042580B
004259FB .  22584200    DD 雪芸.00425822
004259FF .  B6584200    DD 雪芸.004258B6
00425A03 .  39584200    DD 雪芸.00425839
00425A07 .  52584200    DD 雪芸.00425852
00425A0B .  6B584200    DD 雪芸.0042586B
00425A0F .  84584200    DD 雪芸.00425884
00425A13 .  9D584200    DD 雪芸.0042589D
00425A17 .  CF584200    DD 雪芸.004258CF
00425A1B .  FD584200    DD 雪芸.004258FD
00425A1F .  14594200    DD 雪芸.00425914
00425A23 .  3C594200    DD 雪芸.0042593C
00425A27 .  28594200    DD 雪芸.00425928
00425A2B .  50594200    DD 雪芸.00425950
00425A2F .  FE564200    DD 雪芸.004256FE
00425A33 .  64594200    DD 雪芸.00425964
00425A37 .  78594200    DD 雪芸.00425978
00425A3B .  8C594200    DD 雪芸.0042598C

00425A3F .  00          DB 00       灼热                   ;  分支 004259C3 索引表  //策略效果编号
00425A40 .  00          DB 00    烈火
00425A41 .  00          DB 00    火阵
00425A42 .  00          DB 00    火龙
00425A43 .  00          DB 00    暴炎
00425A44 .  00          DB 00       浊流
00425A45 .  00          DB 00    激流
00425A46 .  00          DB 00    水阵
00425A47 .  00          DB 00       水龙
00425A48 .  00          DB 00    海啸
00425A49 .  00          DB 00       旋风
00425A4A .  00          DB 00    龙卷
00425A4B .  00          DB 00       风阵
00425A4C .  00          DB 00       风龙 --〉004256FE       损HP

00425A4D .  01          DB 01    砂暴 --〉0042572C

00425A4E .  02          DB 02       落石
00425A4F .  02          DB 02    落岩
00425A50 .  02          DB 02 地阵
00425A51 .  02          DB 02 地龙
00425A52 .  02          DB 02 山崩
00425A53 .  02          DB 02 诱惑
00425A54 .  02          DB 02 晕眩 --〉004256FE          损HP

00425A55 .  03          DB 03 碟报 --〉00425715

00425A56 .  04          DB 04 钝兵 --〉00425743
00425A57 .  04          DB 04 钝队

00425A58 .  05          DB 05 虚脱   0042575C
00425A59 .  05          DB 05 厌战

00425A5A .  06          DB 06 压迫  00425775
00425A5B .  06          DB 06 威吓

00425A5C .  07          DB 07 咒骂 
00425A5D .  07          DB 07 挑泼

00425A5E .  08          DB 08 流言
00425A5F .  08          DB 08 谎报

00425A60 .  09          DB 09 毒烟
00425A61 .  09          DB 09 毒雾

00425A62 .  0A          DB 0A 困敌
00425A63 .  0A          DB 0A 定军

00425A64 .  0B          DB 0B 封咒

00425A65 .  0C          DB 0C 八阵图

00425A66 .  0D          DB 0D 小补给
00425A67 .  0D          DB 0D 大补给
00425A68 .  0D          DB 0D 援队
00425A69 .  0D          DB 0D 援军
00425A6A .  0D          DB 0D 输送

00425A6B .  0E          DB 0E 建言
00425A6C .  0E          DB 0E 献策

00425A6D .  0F          DB 0F 觉醒
00425A6E .  0F          DB 0F 大觉醒

00425A6F .  10          DB 10 强行

00425A70 .  11          DB 11 练兵
00425A71 .  11          DB 11 练队

00425A72 .  12          DB 12 昂扬
00425A73 .  12          DB 12 欢声

00425A74 .  13          DB 13 奋起
00425A75 .  13          DB 13 鼓舞

00425A76 .  14          DB 14 坚固
00425A77 .  14          DB 14 强阵

00425A78 .  15          DB 15 回归

00425A79 .  16          DB 16 豪雨
00425A7A .  16          DB 16 晴明
00425A7B .  16          DB 16 云天

00425A7C .  17          DB 17 气合

00425A7D .  18          DB 18 冥想

00425A7E .  19          DB 19 霸气

00425A7F .  1A          DB 1A 青龙
00425A80 .  1B          DB 1B 朱雀
00425A81 .  1C          DB 1C 玄武
00425A82 .  1D          DB 1D 白虎
------------------------------------------------------
跳转号　效果号　策略效果
00　 40　　　损HP，包括朱雀
01　　　40　　　砂暴
03　　　50　　　谍报
04　　　62　　　降低敏捷
05　　　64　　　降低士气
06　　　60　　　降低能力
07　　　61　　　降低防御
08　　　71　　　混乱
09　　　70　　　中毒
0A　　　72　　　麻痹
0B　　　74　　　封咒
0C　　　FF　　　八阵图
0D　　　80　　　加HP
0E　　　90　　　加MP
0F　　　BF　　　恢复状态
10　　　A8　　　增加移动力
11　　　A2　　　增加敏捷
12　　　A4　　　增加士气
13　　　A0　　　增加能力
14　　　A1　　　增加防御
15　　　B8　　　再次行动
16　　　C0　　　气候变化
17　　　A0　　　气合
18　　　90　　　冥想
19　　　AF　　　霸气
1A　　　40　　　青龙
1C　　　FF　　　玄武
1D　　　BF　　　白虎

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#47

发表于 2007-12-30 21:37 资料个人空间短消息只看该作者

菜单处理响应函数

00474C59  /$  55          PUSH EBP
00474C5A  |.  8BEC       MOV EBP,ESP
00474C5C  |.  6A FF       PUSH -1
00474C5E  |.  68 885B4800 PUSH 雪芸.00485B88                      ;  SE 处理程序安装
00474C63  |.  64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
00474C69  |.  50          PUSH EAX
00474C6A  |.  64:8925 00000>MOV DWORD PTR FS:[0],ESP
00474C71  |.  81EC 180B0000 SUB ESP,0B18
00474C77  |.  8B45 10    MOV EAX,DWORD PTR SS:[EBP+10]
00474C7A  |.  8985 DCF4FFFF MOV DWORD PTR SS:[EBP-B24],EAX
00474C80  |.  83BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],65
00474C87  |.  77 1B       JA SHORT 雪芸.00474CA4
00474C89  |.  83BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],65
00474C90  |.  0F84 8B000000 JE 雪芸.00474D21                         存档
00474C96  |.  83BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],14
00474C9D  |.  74 7B       JE SHORT 雪芸.00474D1A
00474C9F  |.  E9 7F010000 JMP 雪芸.00474E23
00474CA4  |>  81BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],9C89
00474CAE  |.  77 39       JA SHORT 雪芸.00474CE9                   宝物图鉴，地形情报，道具一览，
00474CB0  |.  81BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],9C89
00474CBA  |.  0F84 44010000 JE 雪芸.00474E04                         版本情报
00474CC0  |.  8B8D DCF4FFFF MOV ECX,DWORD PTR SS:[EBP-B24]
00474CC6  |.  83E9 66    SUB ECX,66
00474CC9  |.  898D DCF4FFFF MOV DWORD PTR SS:[EBP-B24],ECX
00474CCF  |.  83BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],8
00474CD6  |.  0F87 47010000 JA 雪芸.00474E23
00474CDC  |.  8B95 DCF4FFFF MOV EDX,DWORD PTR SS:[EBP-B24]
00474CE2  |.  FF2495 334E47>JMP DWORD PTR DS:[EDX*4+474E33]
00474CE9  |>  81BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],9CD3
00474CF3  |.  74 79       JE SHORT 雪芸.00474D6E
00474CF5  |.  81BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],9CD6
00474CFF  |.  0F84 81000000 JE 雪芸.00474D86
00474D05  |.  81BD DCF4FFFF>CMP DWORD PTR SS:[EBP-B24],9CD7 宝物图鉴
00474D0F  |.  0F84 A2000000 JE 雪芸.00474DB7
00474D15  |.  E9 09010000 JMP 雪芸.00474E23
00474D1A  |>  33C0       XOR EAX,EAX
00474D1C  |.  E9 04010000 JMP 雪芸.00474E25
00474D21  |>  E8 4057FAFF CALL 雪芸.0041A466
00474D26  |.  E9 F8000000 JMP 雪芸.00474E23
00474D2B  |>  E8 C956FAFF CALL 雪芸.0041A3F9
00474D30  |.  E9 EE000000 JMP 雪芸.00474E23
00474D35  |>  6A 00       PUSH 0                                  ; /lParam = 0
00474D37  |.  6A 00       PUSH 0                                  ; |wParam = 0
00474D39  |.  6A 10       PUSH 10                               ; |Message = WM_CLOSE
00474D3B  |.  A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68]          ; |
00474D40  |.  50          PUSH EAX                               ; |hWnd => B0B9E
00474D41  |.  FF15 18634800 CALL DWORD PTR DS:[<&USER32.PostMessageA>; \PostMessageA
00474D47  |.  E9 D7000000 JMP 雪芸.00474E23
00474D4C  |>  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00474D4F  |.  51          PUSH ECX                               ; /Arg2
00474D50  |.  8B15 606A4B00 MOV EDX,DWORD PTR DS:[4B6A60]          ; |雪芸.00400000
00474D56  |.  52          PUSH EDX                               ; |Arg1 => 00400000
00474D57  |.  E8 2E620000 CALL 雪芸.0047AF8A                      ; \雪芸.0047AF8A
00474D5C  |.  83C4 08    ADD ESP,8
00474D5F  |.  E9 BF000000 JMP 雪芸.00474E23
00474D64  |>  E8 834FFDFF CALL 雪芸.00449CEC
00474D69  |.  E9 B5000000 JMP 雪芸.00474E23
00474D6E  |>  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
00474D71  |.  50          PUSH EAX                               ; /Arg2
00474D72  |.  8B0D 606A4B00 MOV ECX,DWORD PTR DS:[4B6A60]          ; |雪芸.00400000
00474D78  |.  51          PUSH ECX                               ; |Arg1 => 00400000
00474D79  |.  E8 0E36FFFF CALL 雪芸.0046838C                      ; \雪芸.0046838C
00474D7E  |.  83C4 08    ADD ESP,8
00474D81  |.  E9 9D000000 JMP 雪芸.00474E23
00474D86  |>  8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
00474D8C  |.  E8 8F080000 CALL 雪芸.00475620
00474D91  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00474D98  |.  8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
00474D9E  |.  E8 D3A0FFFF CALL 雪芸.0046EE76
00474DA3  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00474DAA  |.  8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-C4]
00474DB0  |.  E8 EB080000 CALL 雪芸.004756A0
00474DB5  |.  EB 6C       JMP SHORT 雪芸.00474E23
00474DB7  |>  8D8D ECF4FFFF LEA ECX,DWORD PTR SS:[EBP-B14]
00474DBD  |.  E8 3E090000 CALL 雪芸.00475700
00474DC2  |.  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
00474DC9  |.  8D8D ECF4FFFF LEA ECX,DWORD PTR SS:[EBP-B14]
00474DCF  |.  E8 ACC2FFFF CALL 雪芸.00471080
00474DD4  |.  C745 FC FFFFF>MOV DWORD PTR SS:[EBP-4],-1
00474DDB  |.  8D8D ECF4FFFF LEA ECX,DWORD PTR SS:[EBP-B14]
00474DE1  |.  E8 4A090000 CALL 雪芸.00475730
00474DE6  |.  EB 3B       JMP SHORT 雪芸.00474E23
00474DE8  |>  E8 5671FAFF CALL 雪芸.0041BF43
00474DED  |.  EB 34       JMP SHORT 雪芸.00474E23
00474DEF  |>  E8 A24FFDFF CALL 雪芸.00449D96
00474DF4  |.  EB 2D       JMP SHORT 雪芸.00474E23
00474DF6  |>  E8 B34EFDFF CALL 雪芸.00449CAE
00474DFB  |.  EB 26       JMP SHORT 雪芸.00474E23
00474DFD  |>  E8 D04EFDFF CALL 雪芸.00449CD2
00474E02  |.  EB 1F       JMP SHORT 雪芸.00474E23
00474E04  |>  8D8D E0F4FFFF LEA ECX,DWORD PTR SS:[EBP-B20]
00474E0A  |.  E8 9195F9FF CALL 雪芸.0040E3A0
00474E0F  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
00474E12  |.  52          PUSH EDX                               ; /Arg2
00474E13  |.  68 5C010000 PUSH 15C                               ; |Arg1 = 0000015C
00474E18  |.  8D8D E0F4FFFF LEA ECX,DWORD PTR SS:[EBP-B20]          ; |
00474E1E  |.  E8 7582FFFF CALL 雪芸.0046D098                      ; \雪芸.0046D098
00474E23  |>  33C0       XOR EAX,EAX 退出
00474E25  |>  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
00474E28  |.  64:890D 00000>MOV DWORD PTR FS:[0],ECX
00474E2F  |.  8BE5       MOV ESP,EBP
00474E31  |.  5D          POP EBP
00474E32  \.  C3          RETN
00474E33 .  2B4D4700    DD 雪芸.00474D2B                读档       ;  分支表被用于 00474CE2
00474E37 .  234E4700    DD 雪芸.00474E23             退出
00474E3B .  354D4700    DD 雪芸.00474D35             结束游戏
00474E3F .  4C4D4700    DD 雪芸.00474D4C          武将情报一览
00474E43 .  644D4700    DD 雪芸.00474D64    胜利条件
00474E47 .  E84D4700    DD 雪芸.00474DE8             环境设定
00474E4B .  EF4D4700    DD 雪芸.00474DEF          战场缩略图
00474E4F .  F64D4700    DD 雪芸.00474DF6    结束回合
00474E53 .  FD4D4700    DD 雪芸.00474DFD          检索未执行部队

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#48

发表于 2007-12-30 21:37 资料个人空间短消息只看该作者

背景显示

0040BC1A  /$  55          PUSH EBP
0040BC1B  |.  8BEC       MOV EBP,ESP
0040BC1D  |.  837D 08 FF CMP DWORD PTR SS:[EBP+8],-1
0040BC21  |.  73 12       JNB SHORT WaGan.0040BC35
0040BC23  |.  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]
0040BC26  |.  50          PUSH EAX                            ; /Arg2
0040BC27  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]       ; |
0040BC2A  |.  51          PUSH ECX                            ; |Arg1
0040BC2B  |.  B9 40C64A00 MOV ECX,WaGan.004AC640             ; | Mmap.e5的句柄地址
0040BC30  |.  E8 54400100 CALL WaGan.0041FC89                ; \WaGan.0041FC89             里面是文件操作
0040BC35  |>  5D          POP EBP
0040BC36  \.  C3          RETN

00413DFB  |.  FF2485 AD3E41>JMP DWORD PTR DS:[EAX*4+413EAD]

===Eax=3, 战场地图
00413E02  |>  8A4D EC    MOV CL,BYTE PTR SS:[EBP-14]
00413E05  |.  51          PUSH ECX                               ; /Arg2
00413E06  |.  8A55 FC    MOV DL,BYTE PTR SS:[EBP-4]             ; |
00413E09  |.  52          PUSH EDX                               ; |Arg1
00413E0A  |.  E8 C17DFFFF CALL WaGan.0040BBD0                   ; \WaGan.0040BBD0
00413E0F  |.  83C4 08    ADD ESP,8
00413E12  |.  8A45 EC    MOV AL,BYTE PTR SS:[EBP-14]
00413E15  |.  A2 083D4B00 MOV BYTE PTR DS:[4B3D08],AL
00413E1A  |.  EB 79       JMP SHORT WaGan.00413E95
=====Eax=2    内场景
00413E1C  |>  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
00413E1F  |.  81E1 FFFF0000 AND ECX,0FFFF
00413E25  |.  81F9 FFFF0000 CMP ECX,0FFFF
00413E2B  |.  75 06       JNZ SHORT WaGan.00413E33
00413E2D  |.  66:C745 F4 00>MOV WORD PTR SS:[EBP-C],0
00413E33  |>  8A55 F4    MOV DL,BYTE PTR SS:[EBP-C]
00413E36  |.  52          PUSH EDX                               ; /Arg2
00413E37  |.  8A45 FC    MOV AL,BYTE PTR SS:[EBP-4]             ; |
00413E3A  |.  50          PUSH EAX                               ; |Arg1
00413E3B  |.  E8 907DFFFF CALL WaGan.0040BBD0                   ; \WaGan.0040BBD0
00413E40  |.  83C4 08    ADD ESP,8
00413E43  |.  EB 50       JMP SHORT WaGan.00413E95
=====Eax=0    外场景
00413E45  |>  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
00413E48  |.  81E1 FFFF0000 AND ECX,0FFFF
00413E4E  |.  81F9 FFFF0000 CMP ECX,0FFFF
00413E54  |.  75 06       JNZ SHORT WaGan.00413E5C
00413E56  |.  66:C745 F0 00>MOV WORD PTR SS:[EBP-10],0
00413E5C  |>  8A55 F0    MOV DL,BYTE PTR SS:[EBP-10]
00413E5F  |.  52          PUSH EDX                               ; /Arg2
00413E60  |.  8A45 FC    MOV AL,BYTE PTR SS:[EBP-4]             ; |
00413E63  |.  50          PUSH EAX                               ; |Arg1
00413E64  |.  E8 677DFFFF CALL WaGan.0040BBD0                   ; \WaGan.0040BBD0
00413E69  |.  83C4 08    ADD ESP,8
00413E6C  |.  EB 27       JMP SHORT WaGan.00413E95
=====Eax=1  中国地图
00413E6E  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
00413E71  |.  81E1 FFFF0000 AND ECX,0FFFF
00413E77  |.  81F9 FFFF0000 CMP ECX,0FFFF
00413E7D  |.  75 06       JNZ SHORT WaGan.00413E85
00413E7F  |.  66:C745 F8 00>MOV WORD PTR SS:[EBP-8],0
00413E85  |>  8A55 F8    MOV DL,BYTE PTR SS:[EBP-8]
00413E88  |.  52          PUSH EDX                               ; /Arg2
00413E89  |.  8A45 FC    MOV AL,BYTE PTR SS:[EBP-4]             ; |
00413E8C  |.  50          PUSH EAX                               ; |Arg1
00413E8D  |.  E8 3E7DFFFF CALL WaGan.0040BBD0                   ; \WaGan.0040BBD0
00413E92  |.  83C4 08    ADD ESP,8
00413E95  |>  8B0D 9CBF4A00 MOV ECX,DWORD PTR DS:[4ABF9C]
00413E9B  |.  83C9 02    OR ECX,2
00413E9E  |.  890D 9CBF4A00 MOV DWORD PTR DS:[4ABF9C],ECX
00413EA4  |.  B8 02000000 MOV EAX,2
00413EA9  |>  8BE5       MOV ESP,EBP
00413EAB  |.  5D          POP EBP
00413EAC  \.  C3          RETN
00413EAD .  453E4100    DD WaGan.00413E45                      ;  分支表被用于 00413DFB
00413EB1 .  6E3E4100    DD WaGan.00413E6E
00413EB5 .  1C3E4100    DD WaGan.00413E1C
00413EB9 .  023E4100    DD WaGan.00413E02

核心函数:
0040BBD0  /$  55          PUSH EBP
0040BBD1  |.  8BEC       MOV EBP,ESP
0040BBD3  |.  8A45 08    MOV AL,BYTE PTR SS:[EBP+8]
0040BBD6  |.  50          PUSH EAX                            ; /Arg1
0040BBD7  |.  B9 3CC64A00 MOV ECX,WaGan.004AC63C             ; |
0040BBDC  |.  E8 1F020000 CALL WaGan.0040BE00                   ; \WaGan.0040BE00  将08栈的值，写入Ecx地址所指的地方
0040BBE1  |.  E8 3CFDFFFF CALL WaGan.0040B922 读写入的值
0040BBE6  |.  85C0       TEST EAX,EAX
0040BBE8  |.  74 11       JE SHORT WaGan.0040BBFB
0040BBEA  |.  68 FF000000 PUSH 0FF                               ; /Arg1 = 000000FF
0040BBEF  |.  B9 3CC64A00 MOV ECX,WaGan.004AC63C                ; |
0040BBF4  |.  E8 27020000 CALL WaGan.0040BE20                   ; \WaGan.0040BE20将08栈的值，写入Ecx地址+1所指的地方
0040BBF9  |.  EB 0E       JMP SHORT WaGan.0040BC09
0040BBFB  |>  8A4D 0C    MOV CL,BYTE PTR SS:[EBP+C]
0040BBFE  |.  51          PUSH ECX                               ; /Arg1 这个就是图象是第几张
0040BBFF  |.  B9 3CC64A00 MOV ECX,WaGan.004AC63C                ; |
0040BC04  |.  E8 17020000 CALL WaGan.0040BE20                   ; \WaGan.0040BE20 将08栈的值，写入Ecx地址+1所指的地方
0040BC09  |>  8B15 9CBF4A00 MOV EDX,DWORD PTR DS:[4ABF9C]
0040BC0F  |.  83CA 02    OR EDX,2
0040BC12  |.  8915 9CBF4A00 MOV DWORD PTR DS:[4ABF9C],EDX
0040BC18  |.  5D          POP EBP
0040BC19  \.  C3          RETN

绘图：
00413EBD  /.  55          PUSH EBP
00413EBE  |.  8BEC       MOV EBP,ESP
00413EC0  |.  E8 4E7AFFFF CALL WaGan.0040B913       取4AC63C地址的值  （是单字节AL，所以马上AND一下）
00413EC5  |.  25 FF000000 AND EAX,0FF
00413ECA  |.  83F8 02    CMP EAX,2
00413ECD  |.  75 07       JNZ SHORT WaGan.00413ED6
00413ECF  |.  E8 3D4C0100 CALL WaGan.00428B11
00413ED4  |.  EB 05       JMP SHORT WaGan.00413EDB
00413ED6  |>  E8 2AA50000 CALL WaGan.0041E405                //非内场景
00413EDB  |>  B8 01000000 MOV EAX,1
00413EE0  |.  5D          POP EBP
00413EE1  \.  C3          RETN

0040B913  /$  55          PUSH EBP
0040B914  |.  8BEC       MOV EBP,ESP
0040B916  |.  B9 3CC64A00 MOV ECX,WaGan.004AC63C
0040B91B  |.  E8 90FFFFFF CALL WaGan.0040B8B0
0040B920  |.  5D          POP EBP
0040B921  \.  C3          RETN

0041E405  /$  55          PUSH EBP
0041E406  |.  8BEC       MOV EBP,ESP
0041E408  |.  81EC 14030000 SUB ESP,314
0041E40E  |.  C745 F4 70774>MOV DWORD PTR SS:[EBP-C],WaGan.00497770
0041E415  |.  A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68]
0041E41A  |.  50          PUSH EAX                                  ; /hWnd => NULL
0041E41B  |.  FF15 98624800 CALL DWORD PTR DS:[<&USER32.GetDC>]       ; \GetDC
0041E421  |.  8945 F0    MOV DWORD PTR SS:[EBP-10],EAX
0041E424  |.  6A 0C       PUSH 0C                                     ; /Index = BITSPIXEL
0041E426  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]             ; |
0041E429  |.  51          PUSH ECX                                  ; |hDC
0041E42A  |.  FF15 3C604800 CALL DWORD PTR DS:[<&GDI32.GetDeviceCaps>] ; \GetDeviceCaps
0041E430  |.  33D2       XOR EDX,EDX
0041E432  |.  83F8 08    CMP EAX,8
0041E435  |.  0F94C2       SETE DL
0041E438  |.  8955 F8    MOV DWORD PTR SS:[EBP-8],EDX
0041E43B  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
0041E43E  |.  50          PUSH EAX                                  ; /hDC
0041E43F  |.  8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68]             ; |
0041E445  |.  51          PUSH ECX                                  ; |hWnd => NULL
0041E446  |.  FF15 9C624800 CALL DWORD PTR DS:[<&USER32.ReleaseDC>]    ; \ReleaseDC
0041E44C  |.  6A 07       PUSH 7
0041E44E  |.  E8 77ED0500 CALL WaGan.0047D1CA
0041E453  |.  83C4 04    ADD ESP,4
0041E456  |.  C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
0041E45A  |.  EB 09       JMP SHORT WaGan.0041E465
0041E45C  |>  8A55 FC    /MOV DL,BYTE PTR SS:[EBP-4]
0041E45F  |.  80C2 01    |ADD DL,1
0041E462  |.  8855 FC    |MOV BYTE PTR SS:[EBP-4],DL
0041E465  |>  8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
0041E468  |.  25 FF000000 |AND EAX,0FF
0041E46D  |.  83F8 0A    |CMP EAX,0A                               //10个阶层的显示亮度
0041E470  |.  0F8D 17010000 |JGE WaGan.0041E58D
0041E476  |.  E8 49060600 |CALL WaGan.0047EAC4 //发消息的
0041E47B  |.  C785 ECFCFFFF>|MOV DWORD PTR SS:[EBP-314],0A
0041E485  |.  EB 0F       |JMP SHORT WaGan.0041E496
0041E487  |>  8B8D ECFCFFFF |/MOV ECX,DWORD PTR SS:[EBP-314]
0041E48D  |.  83C1 01    ||ADD ECX,1
0041E490  |.  898D ECFCFFFF ||MOV DWORD PTR SS:[EBP-314],ECX
0041E496  |>  81BD ECFCFFFF>| CMP DWORD PTR SS:[EBP-314],0F6
0041E4A0  |.  0F83 B5000000 ||JNB WaGan.0041E55B
0041E4A6  |.  8B95 ECFCFFFF ||MOV EDX,DWORD PTR SS:[EBP-314]
0041E4AC  |.  6BD2 03    ||IMUL EDX,EDX,3
0041E4AF  |.  8B45 F4    ||MOV EAX,DWORD PTR SS:[EBP-C]
0041E4B2  |.  33C9       ||XOR ECX,ECX
0041E4B4  |.  8A0C10       ||MOV CL,BYTE PTR DS:[EAX+EDX]
0041E4B7  |.  8BC1       ||MOV EAX,ECX
0041E4B9  |.  8B55 FC    ||MOV EDX,DWORD PTR SS:[EBP-4]
0041E4BC  |.  81E2 FF000000 ||AND EDX,0FF
0041E4C2  |.  0FAFC2       ||IMUL EAX,EDX
0041E4C5  |.  6BC0 0A    ||IMUL EAX,EAX,0A
0041E4C8  |.  99          ||CDQ
0041E4C9  |.  B9 64000000 ||MOV ECX,64
0041E4CE  |.  F7F9       ||IDIV ECX
0041E4D0  |.  8B95 ECFCFFFF ||MOV EDX,DWORD PTR SS:[EBP-314]
0041E4D6  |.  6BD2 03    ||IMUL EDX,EDX,3
0041E4D9  |.  888415 F0FCFF>||MOV BYTE PTR SS:[EBP+EDX-310],AL
0041E4E0  |.  8B85 ECFCFFFF ||MOV EAX,DWORD PTR SS:[EBP-314]
0041E4E6  |.  6BC0 03    ||IMUL EAX,EAX,3
0041E4E9  |.  8B4D F4    ||MOV ECX,DWORD PTR SS:[EBP-C]
0041E4EC  |.  33D2       ||XOR EDX,EDX
0041E4EE  |.  8A5401 01    ||MOV DL,BYTE PTR DS:[ECX+EAX+1]
0041E4F2  |.  8BC2       ||MOV EAX,EDX
0041E4F4  |.  8B4D FC    ||MOV ECX,DWORD PTR SS:[EBP-4]
0041E4F7  |.  81E1 FF000000 ||AND ECX,0FF
0041E4FD  |.  0FAFC1       ||IMUL EAX,ECX
0041E500  |.  6BC0 0A    ||IMUL EAX,EAX,0A
0041E503  |.  99          ||CDQ
0041E504  |.  B9 64000000 ||MOV ECX,64
0041E509  |.  F7F9       ||IDIV ECX
0041E50B  |.  8B95 ECFCFFFF ||MOV EDX,DWORD PTR SS:[EBP-314]
0041E511  |.  6BD2 03    ||IMUL EDX,EDX,3
0041E514  |.  888415 F1FCFF>||MOV BYTE PTR SS:[EBP+EDX-30F],AL
0041E51B  |.  8B85 ECFCFFFF ||MOV EAX,DWORD PTR SS:[EBP-314]
0041E521  |.  6BC0 03    ||IMUL EAX,EAX,3
0041E524  |.  8B4D F4    ||MOV ECX,DWORD PTR SS:[EBP-C]
0041E527  |.  33D2       ||XOR EDX,EDX
0041E529  |.  8A5401 02    ||MOV DL,BYTE PTR DS:[ECX+EAX+2]
0041E52D  |.  8BC2       ||MOV EAX,EDX
0041E52F  |.  8B4D FC    ||MOV ECX,DWORD PTR SS:[EBP-4]
0041E532  |.  81E1 FF000000 ||AND ECX,0FF
0041E538  |.  0FAFC1       ||IMUL EAX,ECX
0041E53B  |.  6BC0 0A    ||IMUL EAX,EAX,0A
0041E53E  |.  99          ||CDQ
0041E53F  |.  B9 64000000 ||MOV ECX,64
0041E544  |.  F7F9       ||IDIV ECX
0041E546  |.  8B95 ECFCFFFF ||MOV EDX,DWORD PTR SS:[EBP-314]
0041E54C  |.  6BD2 03    ||IMUL EDX,EDX,3
0041E54F  |.  888415 F2FCFF>||MOV BYTE PTR SS:[EBP+EDX-30E],AL
0041E556  |.^ E9 2CFFFFFF |\JMP WaGan.0041E487
0041E55B  |>  8D85 0EFDFFFF |LEA EAX,DWORD PTR SS:[EBP-2F2]
0041E561  |.  50          |PUSH EAX
0041E562  |.  68 EC000000 |PUSH 0EC
0041E567  |.  6A 0A       |PUSH 0A
0041E569  |.  E8 F9020600 |CALL WaGan.0047E867 绘图
0041E56E  |.  83C4 0C    |ADD ESP,0C
0041E571  |.  837D F8 00 |CMP DWORD PTR SS:[EBP-8],0
0041E575  |.  74 11       |JE SHORT WaGan.0041E588
0041E577  |.  6A 01       |PUSH 1                               ; /Arg1 = 00000001
0041E579  |.  B9 181B4B00 |MOV ECX,WaGan.004B1B18                ; |
0041E57E  |.  E8 BD4DFEFF |CALL WaGan.00403340                   ; \WaGan.00403340 //单挑开始的那个函数里也有这个画图的。
0041E583  |.  E8 58DF0000 |CALL WaGan.0042C4E0                //单挑开始的那个函数里也有这个画图的
0041E588  |>^ E9 CFFEFFFF \JMP WaGan.0041E45C
0041E58D  |>  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0041E590  |.  83C1 1E    ADD ECX,1E
0041E593  |.  51          PUSH ECX
0041E594  |.  68 EC000000 PUSH 0EC
0041E599  |.  6A 0A       PUSH 0A
0041E59B  |.  E8 C7020600 CALL WaGan.0047E867 绘图
0041E5A0  |.  83C4 0C    ADD ESP,0C
0041E5A3  |.  6A 03       PUSH 3                      ; /Arg1 = 00000003
0041E5A5  |.  B9 181B4B00 MOV ECX,WaGan.004B1B18       ; |
0041E5AA  |.  E8 914DFEFF CALL WaGan.00403340          ; \WaGan.00403340
0041E5AF  |.  E8 2CDF0000 CALL WaGan.0042C4E0
0041E5B4  |.  B9 986A4B00 MOV ECX,WaGan.004B6A98       ;  ASCII "XvH"
0041E5B9  |.  E8 87790500 CALL WaGan.00475F45
0041E5BE  |.  8BE5       MOV ESP,EBP
0041E5C0  |.  5D          POP EBP
0041E5C1  \.  C3          RETN

0047E867  /$  55          PUSH EBP
0047E868  |.  8BEC       MOV EBP,ESP
0047E86A  |.  51          PUSH ECX
0047E86B  |.  51          PUSH ECX
0047E86C  |.  A1 44D04B00 MOV EAX,DWORD PTR DS:[4BD044]
0047E871  |.  53          PUSH EBX
0047E872  |.  C1E0 02    SHL EAX,2
0047E875  |.  56          PUSH ESI
0047E876  |.  8B75 10    MOV ESI,DWORD PTR SS:[EBP+10]
0047E879  |.  83B8 B8884B00>CMP DWORD PTR DS:[EAX+4B88B8],>
0047E880  |.  57          PUSH EDI
0047E881  |.  8B7D 08    MOV EDI,DWORD PTR SS:[EBP+8]
0047E884  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0047E887  |.  74 03       JE SHORT WaGan.0047E88C
0047E889  |.  83C7 10    ADD EDI,10
0047E88C  |>  83FF 0A    CMP EDI,0A
0047E88F  |.  7D 12       JGE SHORT WaGan.0047E8A3
0047E891  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]
0047E894  |.  2BF7       SUB ESI,EDI
0047E896  |.  6A 0A       PUSH 0A
0047E898  |.  83C6 0A    ADD ESI,0A
0047E89B  |.  8D4C39 F6    LEA ECX,DWORD PTR DS:[ECX+EDI->
0047E89F  |.  5F          POP EDI
0047E8A0  |.  894D 0C    MOV DWORD PTR SS:[EBP+C],ECX
0047E8A3  |>  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]
0047E8A6  |.  8D1439       LEA EDX,DWORD PTR DS:[ECX+EDI]
0047E8A9  |.  B9 F6000000 MOV ECX,0F6
0047E8AE  |.  3BD1       CMP EDX,ECX
0047E8B0  |.  7C 05       JL SHORT WaGan.0047E8B7
0047E8B2  |.  2BCF       SUB ECX,EDI
0047E8B4  |.  894D 0C    MOV DWORD PTR SS:[EBP+C],ECX
0047E8B7  |>  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]
0047E8BA  |.  897D 08    MOV DWORD PTR SS:[EBP+8],EDI
0047E8BD  |.  03CF       ADD ECX,EDI
0047E8BF  |.  3BF9       CMP EDI,ECX
0047E8C1  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
0047E8C4  |.  7D 69       JGE SHORT WaGan.0047E92F
0047E8C6  |.  8D0CBD 119E4B>LEA ECX,DWORD PTR DS:[EDI*4+4B>
0047E8CD  |.  8D1CBD 4A954B>LEA EBX,DWORD PTR DS:[EDI*4+4B>
0047E8D4  |.  894D 10    MOV DWORD PTR SS:[EBP+10],ECX
0047E8D7  |>  8A16       /MOV DL,BYTE PTR DS:[ESI]
0047E8D9  |.  8B88 28A24B00 |MOV ECX,DWORD PTR DS:[EAX+4BA>
0047E8DF  |.  8B45 08    |MOV EAX,DWORD PTR SS:[EBP+8]
0047E8E2  |.  D2E2       |SHL DL,CL
0047E8E4  |.  C1E0 02    |SHL EAX,2
0047E8E7  |.  46          |INC ESI
0047E8E8  |.  8890 48954B00 |MOV BYTE PTR DS:[EAX+4B9548],>
0047E8EE  |.  8890 129E4B00 |MOV BYTE PTR DS:[EAX+4B9E12],>
0047E8F4  |.  8A16       |MOV DL,BYTE PTR DS:[ESI]
0047E8F6  |.  D2E2       |SHL DL,CL
0047E8F8  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
0047E8FB  |.  46          |INC ESI
0047E8FC  |.  8B89 28A24B00 |MOV ECX,DWORD PTR DS:[ECX+4BA>
0047E902  |.  8813       |MOV BYTE PTR DS:[EBX],DL
0047E904  |.  8890 109E4B00 |MOV BYTE PTR DS:[EAX+4B9E10],>
0047E90A  |.  8A16       |MOV DL,BYTE PTR DS:[ESI]
0047E90C  |.  83C3 04    |ADD EBX,4
0047E90F  |.  D2E2       |SHL DL,CL
0047E911  |.  46          |INC ESI
0047E912  |.  FF45 08    |INC DWORD PTR SS:[EBP+8]
0047E915  |.  8890 49954B00 |MOV BYTE PTR DS:[EAX+4B9549],>
0047E91B  |.  8B45 10    |MOV EAX,DWORD PTR SS:[EBP+10]
0047E91E  |.  8345 10 04 |ADD DWORD PTR SS:[EBP+10],4
0047E922  |.  8810       |MOV BYTE PTR DS:[EAX],DL
0047E924  |.  8B45 08    |MOV EAX,DWORD PTR SS:[EBP+8]
0047E927  |.  3B45 F8    |CMP EAX,DWORD PTR SS:[EBP-8]
0047E92A  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
0047E92D  |.^ 7C A8       \JL SHORT WaGan.0047E8D7
0047E92F  |>  33F6       XOR ESI,ESI
0047E931  |.  3935 B07D4B00 CMP DWORD PTR DS:[4B7DB0],ESI
0047E937  |.  74 35       JE SHORT WaGan.0047E96E
0047E939  |.  33DB       XOR EBX,EBX
0047E93B  |.  3935 28C04B00 CMP DWORD PTR DS:[4BC028],ESI
0047E941  |.  7E 50       JLE SHORT WaGan.0047E993
0047E943  |.  C745 08 48994>MOV DWORD PTR SS:[EBP+8],WaGan>
0047E94A  |>  8B45 08    /MOV EAX,DWORD PTR SS:[EBP+8]
0047E94D  |.  68 48954B00 |PUSH WaGan.004B9548
0047E952  |.  68 00010000 |PUSH 100
0047E957  |.  56          |PUSH ESI
0047E958  |.  FF30       |PUSH DWORD PTR DS:[EAX]
0047E95A  |.  E8 A30A0000 |CALL WaGan.0047F402
0047E95F  |.  8345 08 04 |ADD DWORD PTR SS:[EBP+8],4
0047E963  |.  43          |INC EBX
0047E964  |.  3B1D 28C04B00 |CMP EBX,DWORD PTR DS:[4BC028]
0047E96A  |.^ 7C DE       \JL SHORT WaGan.0047E94A
0047E96C  |.  EB 25       JMP SHORT WaGan.0047E993
0047E96E  |>  56          PUSH ESI                      ; /ForceBackground
0047E96F  |.  FF35 DC8B4B00 PUSH DWORD PTR DS:[4B8BDC]    ; |hPalette = NULL
0047E975  |.  FFB0 48994B00 PUSH DWORD PTR DS:[EAX+4B9948] ; |hDC
0047E97B  |.  FF15 50604800 CALL DWORD PTR DS:[<&GDI32.Sel>; \SelectPalette
0047E981  |.  A1 44D04B00 MOV EAX,DWORD PTR DS:[4BD044]
0047E986  |.  FF3485 48994B>PUSH DWORD PTR DS:[EAX*4+4B994>; /hDC
0047E98D  |.  FF15 4C604800 CALL DWORD PTR DS:[<&GDI32.Rea>; \RealizePalette
0047E993  |>  8D04BD 109E4B>LEA EAX,DWORD PTR DS:[EDI*4+4B>
0047E99A  |.  50          PUSH EAX                      ; /pReplacement
0047E99B  |.  FF75 0C    PUSH DWORD PTR SS:[EBP+C]    ; |nEntries
0047E99E  |.  57          PUSH EDI                      ; |StartIndex
0047E99F  |.  FF35 DC8B4B00 PUSH DWORD PTR DS:[4B8BDC]    ; |hPalette = NULL
0047E9A5  |.  FF15 B4604800 CALL DWORD PTR DS:[<&GDI32.Ani>; \AnimatePalette
0047E9AB  |.  56          PUSH ESI                      ; /hWnd
0047E9AC  |.  FF15 98624800 CALL DWORD PTR DS:[<&USER32.Ge>; \GetDC
0047E9B2  |.  8BF8       MOV EDI,EAX
0047E9B4  |.  3BFE       CMP EDI,ESI
0047E9B6  |.  74 34       JE SHORT WaGan.0047E9EC
0047E9B8  |.  6A 0C       PUSH 0C                      ; /Index = BITSPIXEL
0047E9BA  |.  57          PUSH EDI                      ; |hDC
0047E9BB  |.  FF15 3C604800 CALL DWORD PTR DS:[<&GDI32.Get>; \GetDeviceCaps
0047E9C1  |.  83F8 08    CMP EAX,8
0047E9C4  |.  7E 1E       JLE SHORT WaGan.0047E9E4
0047E9C6  |.  A1 44D04B00 MOV EAX,DWORD PTR DS:[4BD044]
0047E9CB  |.  FF3485 E09A4B>PUSH DWORD PTR DS:[EAX*4+4B9AE>
0047E9D2  |.  FF3485 20924B>PUSH DWORD PTR DS:[EAX*4+4B922>
0047E9D9  |.  56          PUSH ESI
0047E9DA  |.  56          PUSH ESI
0047E9DB  |.  50          PUSH EAX
0047E9DC  |.  E8 85DFFFFF CALL WaGan.0047C966 画图
0047E9E1  |.  83C4 14    ADD ESP,14
0047E9E4  |>  57          PUSH EDI                      ; /hDC
0047E9E5  |.  56          PUSH ESI                      ; |hWnd
0047E9E6  |.  FF15 9C624800 CALL DWORD PTR DS:[<&USER32.Re>; \ReleaseDC
0047E9EC  |>  5F          POP EDI
0047E9ED  |.  5E          POP ESI
0047E9EE  |.  5B          POP EBX
0047E9EF  |.  C9          LEAVE
0047E9F0  \.  C3          RETN

0047E9DC  和  47EBE1处调用

0047C966  /$  55          PUSH EBP
0047C967  |.  8BEC       MOV EBP,ESP
0047C969  |.  81EC 20080000 SUB ESP,820
0047C96F  |.  53          PUSH EBX
0047C970  |.  33DB       XOR EBX,EBX
0047C972  |.  391D 2CC04B00 CMP DWORD PTR DS:[4BC02C],EBX
0047C978  |.  56          PUSH ESI
0047C979  |.  0F85 05010000 JNZ WaGan.0047CA84
0047C97F  |.  395D 14    CMP DWORD PTR SS:[EBP+14],EBX
0047C982  |.  0F84 FC000000 JE WaGan.0047CA84
0047C988  |.  395D 18    CMP DWORD PTR SS:[EBP+18],EBX
0047C98B  |.  0F84 F3000000 JE WaGan.0047CA84
0047C991  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0047C994  |.  8BF0       MOV ESI,EAX
0047C996  |.  C1E6 02    SHL ESI,2
0047C999  |.  399E 48994B00 CMP DWORD PTR DS:[ESI+4B9948],EBX
0047C99F  |.  0F84 DF000000 JE WaGan.0047CA84
0047C9A5  |.  391D B07D4B00 CMP DWORD PTR DS:[4B7DB0],EBX
0047C9AB  |.  57          PUSH EDI
0047C9AC  |.  75 6B       JNZ SHORT WaGan.0047CA19
0047C9AE  |.  8D85 00F8FFFF LEA EAX,DWORD PTR SS:[EBP-800]
0047C9B4  |.  BF 00010000 MOV EDI,100
0047C9B9  |.  50          PUSH EAX                               ; /pPaletteentry
0047C9BA  |.  57          PUSH EDI                               ; |nEntries => 100 (256.)
0047C9BB  |.  53          PUSH EBX                               ; |StartIndex => 0
0047C9BC  |.  FF35 DC8B4B00 PUSH DWORD PTR DS:[4B8BDC]             ; |hPalette = NULL
0047C9C2  |.  FF15 A4604800 CALL DWORD PTR DS:[<&GDI32.GetPaletteEnt>; \GetPaletteEntries 获取调色版
0047C9C8  |.  33C0       XOR EAX,EAX
0047C9CA  |>  8A8C05 02F8FF>/MOV CL,BYTE PTR SS:[EBP+EAX-7FE]
0047C9D1  |.  888C05 00FCFF>|MOV BYTE PTR SS:[EBP+EAX-400],CL
0047C9D8  |.  8A8C05 00F8FF>|MOV CL,BYTE PTR SS:[EBP+EAX-800]
0047C9DF  |.  888C05 02FCFF>|MOV BYTE PTR SS:[EBP+EAX-3FE],CL
0047C9E6  |.  8A8C05 01F8FF>|MOV CL,BYTE PTR SS:[EBP+EAX-7FF]
0047C9ED  |.  888C05 01FCFF>|MOV BYTE PTR SS:[EBP+EAX-3FF],CL
0047C9F4  |.  889C05 03FCFF>|MOV BYTE PTR SS:[EBP+EAX-3FD],BL
0047C9FB  |.  83C0 04    |ADD EAX,4
0047C9FE  |.  3D 00040000 |CMP EAX,400
0047CA03  |.^ 7C C5       \JL SHORT WaGan.0047C9CA
0047CA05  |.  8D85 00FCFFFF LEA EAX,DWORD PTR SS:[EBP-400]
0047CA0B  |.  50          PUSH EAX
0047CA0C  |.  57          PUSH EDI
0047CA0D  |.  53          PUSH EBX
0047CA0E  |.  FFB6 48994B00 PUSH DWORD PTR DS:[ESI+4B9948]
0047CA14  |.  E8 E9290000 CALL WaGan.0047F402
0047CA19  |>  8B86 20924B00 MOV EAX,DWORD PTR DS:[ESI+4B9220]
0047CA1F  |.  3945 14    CMP DWORD PTR SS:[EBP+14],EAX
0047CA22  |.  7E 03       JLE SHORT WaGan.0047CA27
0047CA24  |.  8945 14    MOV DWORD PTR SS:[EBP+14],EAX
0047CA27  |>  8B86 E09A4B00 MOV EAX,DWORD PTR DS:[ESI+4B9AE0]
0047CA2D  |.  3945 18    CMP DWORD PTR SS:[EBP+18],EAX
0047CA30  |.  7E 03       JLE SHORT WaGan.0047CA35
0047CA32  |.  8945 18    MOV DWORD PTR SS:[EBP+18],EAX
0047CA35  |>  FFB6 80BE4B00 PUSH DWORD PTR DS:[ESI+4BBE80]          ; /hWnd
0047CA3B  |.  FF15 98624800 CALL DWORD PTR DS:[<&USER32.GetDC>]    ; \GetDC
0047CA41  |.  53          PUSH EBX                               ; /ForceBackground
0047CA42  |.  8BF8       MOV EDI,EAX                            ; |
0047CA44  |.  FF35 DC8B4B00 PUSH DWORD PTR DS:[4B8BDC]             ; |hPalette = NULL
0047CA4A  |.  57          PUSH EDI                               ; |hDC
0047CA4B  |.  FF15 50604800 CALL DWORD PTR DS:[<&GDI32.SelectPalette>; \SelectPalette 选择
0047CA51  |.  57          PUSH EDI                               ; /hDC
0047CA52  |.  FF15 4C604800 CALL DWORD PTR DS:[<&GDI32.RealizePalett>; \RealizePalette
0047CA58  |.  FF75 10    PUSH DWORD PTR SS:[EBP+10]             ; /Arg8
0047CA5B  |.  FF75 0C    PUSH DWORD PTR SS:[EBP+C]             ; |Arg7
0047CA5E  |.  FFB6 48994B00 PUSH DWORD PTR DS:[ESI+4B9948]          ; |Arg6
0047CA64  |.  FF75 18    PUSH DWORD PTR SS:[EBP+18]             ; |Arg5
0047CA67  |.  FF75 14    PUSH DWORD PTR SS:[EBP+14]             ; |Arg4
0047CA6A  |.  FF75 10    PUSH DWORD PTR SS:[EBP+10]             ; |Arg3
0047CA6D  |.  FF75 0C    PUSH DWORD PTR SS:[EBP+C]             ; |Arg2
0047CA70  |.  57          PUSH EDI                               ; |Arg1
0047CA71  |.  E8 A5290000 CALL WaGan.0047F41B                   ; \WaGan.0047F41B
0047CA76  |.  57          PUSH EDI                               ; /hDC
0047CA77  |.  FFB6 80BE4B00 PUSH DWORD PTR DS:[ESI+4BBE80]          ; |hWnd
0047CA7D  |.  FF15 9C624800 CALL DWORD PTR DS:[<&USER32.ReleaseDC>]  ; \ReleaseDC
0047CA83  |.  5F          POP EDI
0047CA84  |>  5E          POP ESI
0047CA85  |.  5B          POP EBX
0047CA86  |.  C9          LEAVE
0047CA87  \.  C3          RETN

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#49

发表于 2007-12-30 21:38 资料个人空间短消息只看该作者

S里处理接收鼠标消息事件函数

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#50

发表于 2007-12-30 21:38 资料个人空间短消息只看该作者

R剧本Game Over

410b14004158AF42b5f0

004158AF  /$  55          PUSH EBP
004158B0  |.  8BEC       MOV EBP,ESP
004158B2  |.  51          PUSH ECX
004158B3  |.  6A 12       PUSH 12                                              ; /Arg1 = 00000012
004158B5  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]                         ; |
004158B8  |.  E8 3A2B0000 CALL Ekd5.004183F7                                  ; \Ekd5.004183F7
004158BD  |.  66:8945 FC MOV WORD PTR SS:[EBP-4],AX
004158C1  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004158C4  |.  25 FFFF0000 AND EAX,0FFFF
004158C9  |.  3D 00800000 CMP EAX,8000
004158CE  |.  75 07       JNZ SHORT Ekd5.004158D7
004158D0  |.  B8 05000000 MOV EAX,5
004158D5  |.  EB 32       JMP SHORT Ekd5.00415909

004158D7  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004158DA  |.  81E1 FFFF0000 AND ECX,0FFFF
004158E0  |.  83F9 02    CMP ECX,2
004158E3  |.  7F 0E       JG SHORT Ekd5.004158F3

004158E5  |.  6A 01       PUSH 1                                              ; /Arg2 = 00000001
004158E7  |.  8A55 FC    MOV DL,BYTE PTR SS:[EBP-4]                            ; |
004158EA  |.  52          PUSH EDX                                              ; |Arg1
004158EB  |.  E8 C0480000 CALL Ekd5.0041A1B0                                  ; \Ekd5.0041A1B0
004158F0  |.  83C4 08    ADD ESP,8

004158F3  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004158F6  |.  25 FFFF0000 AND EAX,0FFFF
004158FB  |.  50          PUSH EAX                                              ; /Arg1
004158FC  |.  E8 C55E0100 CALL Ekd5.0042B7C6                                  ; \Ekd5.0042B7C6
00415901  |.  83C4 04    ADD ESP,4
00415904  |.  B8 01000000 MOV EAX,1
00415909  |>  8BE5       MOV ESP,EBP
0041590B  |.  5D          POP EBP
0041590C  \.  C3          RETN

0042B7C6  /$  55          PUSH EBP
0042B7C7  |.  8BEC       MOV EBP,ESP
0042B7C9  |.  E8 A2B00400 CALL Ekd5.00476870
0042B7CE  |.  E8 AFB00400 CALL Ekd5.00476882
0042B7D3  |.  B9 B0694B00 MOV ECX,Ekd5.004B69B0
0042B7D8  |.  E8 758E0400 CALL Ekd5.00474652
0042B7DD  |.  B9 B8694B00 MOV ECX,Ekd5.004B69B8
0042B7E2  |.  E8 328E0400 CALL Ekd5.00474619
0042B7E7  |.  E8 140E0000 CALL Ekd5.0042C600
0042B7EC  |.  E8 9E2EFFFF CALL Ekd5.0041E68F
0042B7F1  |.  6A 00       PUSH 0                                              ; /Arg5 = 00000000
0042B7F3  |.  6A 00       PUSH 0                                              ; |Arg4 = 00000000
0042B7F5  |.  6A 00       PUSH 0                                              ; |Arg3 = 00000000
0042B7F7  |.  6A 00       PUSH 0                                              ; |Arg2 = 00000000
0042B7F9  |.  6A 02       PUSH 2                                              ; |Arg1 = 00000002
0042B7FB  |.  E8 6240FFFF CALL Ekd5.0041F862                                  ; \Ekd5.0041F862
0042B800  |.  83C4 14    ADD ESP,14
0042B803  |.  8A45 08    MOV AL,BYTE PTR SS:[EBP+8]
0042B806  |.  50          PUSH EAX                                              ; /Arg1
0042B807  |.  E8 845A0000 CALL Ekd5.00431290                                  ; \Ekd5.00431290
0042B80C  |.  83C4 04    ADD ESP,4
0042B80F  |.  6A 00       PUSH 0                                              ; /Arg1 = 00000000
0042B811  |.  E8 DAFDFFFF CALL Ekd5.0042B5F0                                  ; \Ekd5.0042B5F0
0042B816  |.  83C4 04    ADD ESP,4
0042B819  |.  5D          POP EBP
0042B81A  \.  C3          RETN

0042B5F0  /$  55          PUSH EBP
0042B5F1  |.  8BEC       MOV EBP,ESP
0042B5F3  |.  6A 00       PUSH 0                                              ; /Arg1 = 00000000
0042B5F5  |.  B9 986A4B00 MOV ECX,Ekd5.004B6A98                               ; |
0042B5FA  |.  E8 68A80400 CALL Ekd5.00475E67                                  ; \Ekd5.00475E67
0042B5FF  |.  6A 00       PUSH 0                                              ; /Arg1 = 00000000
0042B601  |.  B9 C06B4B00 MOV ECX,Ekd5.004B6BC0                               ; |
0042B606  |.  E8 6BAB0400 CALL Ekd5.00476176                                  ; \Ekd5.00476176
0042B60B  |.  6A 00       PUSH 0                                              ; /Arg1 = 00000000
0042B60D  |.  E8 AAA30400 CALL Ekd5.004759BC                                  ; \Ekd5.004759BC
0042B612  |.  83C4 04    ADD ESP,4
0042B615  |.  B9 386F4900 MOV ECX,Ekd5.00496F38
0042B61A  |.  E8 A1EAFEFF CALL Ekd5.0041A0C0
0042B61F  |.  E8 9E2FFFFF CALL Ekd5.0041E5C2
0042B624  |.  E8 F902FEFF CALL Ekd5.0040B922
0042B629  |.  85C0       TEST EAX,EAX
0042B62B  |.  74 05       JE SHORT Ekd5.0042B632
0042B62D  |.  E8 86AE0400 CALL Ekd5.004764B8
0042B632  |>  B9 386F4900 MOV ECX,Ekd5.00496F38
0042B637  |.  E8 A6E9FEFF CALL Ekd5.00419FE2
0042B63C  |.  E8 B6FE0400 CALL Ekd5.0047B4F7
0042B641  |.  E8 B9510300 CALL Ekd5.004607FF
0042B646  |.  B9 B8694B00 MOV ECX,Ekd5.004B69B8
0042B64B  |.  E8 C98F0400 CALL Ekd5.00474619
0042B650  |.  B9 B8694B00 MOV ECX,Ekd5.004B69B8
0042B655  |.  E8 E58D0400 CALL Ekd5.0047443F
0042B65A  |.  B9 B0694B00 MOV ECX,Ekd5.004B69B0
0042B65F  |.  E8 EE8F0400 CALL Ekd5.00474652
0042B664  |.  A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68]
0042B669  |.  50          PUSH EAX                                              ; /Arg1 => 00000000
0042B66A  |.  E8 9E41FFFF CALL Ekd5.0041F80D                                  ; \Ekd5.0041F80D
0042B66F  |.  83C4 04    ADD ESP,4
0042B672  |.  837D 08 00 CMP DWORD PTR SS:[EBP+8],0
0042B676  |.  74 05       JE SHORT Ekd5.0042B67D
0042B678  |.  E8 35000000 CALL Ekd5.0042B6B2
0042B67D  |>  E8 FBFEFFFF CALL Ekd5.0042B57D
0042B682  |.  68 E7030000 PUSH 3E7                                              ; /TimerID = 3E7 (999.)
0042B687  |.  8B0D 686A4B00 MOV ECX,DWORD PTR DS:[4B6A68]                         ; |
0042B68D  |.  51          PUSH ECX                                              ; |hWnd => NULL
0042B68E  |.  FF15 50624800 CALL DWORD PTR DS:[<&USER32.KillTimer>]             ; \KillTimer
0042B694  |.  E8 6E1A0500 CALL Ekd5.0047D107
0042B699  |.  8B15 686A4B00 MOV EDX,DWORD PTR DS:[4B6A68]
0042B69F  |.  52          PUSH EDX                                              ; /hWnd => NULL
0042B6A0  |.  FF15 54624800 CALL DWORD PTR DS:[<&USER32.DestroyWindow>]          ; \DestroyWindow
0042B6A6  |.  6A 00       PUSH 0
0042B6A8  |.  E8 835F0500 CALL Ekd5.00481630
0042B6AD  |.  83C4 04    ADD ESP,4
0042B6B0  |.  5D          POP EBP
0042B6B1  \.  C3          RETN

00481630  /$  8B4424 04    MOV EAX,DWORD PTR SS:[ESP+4]
00481634  |.  6A 00       PUSH 0
00481636  |.  6A 00       PUSH 0
00481638  |.  50          PUSH EAX
00481639  |.  E8 32000000 CALL Ekd5.00481670
0048163E  |.  83C4 0C    ADD ESP,0C
00481641  \.  C3          RETN

00481670  /$  A1 94CC4B00 MOV EAX,DWORD PTR DS:[4BCC94]
00481675  |.  53          PUSH EBX
00481676  |.  55          PUSH EBP
00481677  |.  8B6C24 0C    MOV EBP,DWORD PTR SS:[ESP+C]
0048167B  |.  83F8 01    CMP EAX,1
0048167E  |.  56          PUSH ESI
0048167F  |.  75 0E       JNZ SHORT Ekd5.0048168F
00481681  |.  55          PUSH EBP                                              ; /ExitCode
00481682  |.  FF15 B0614800 CALL DWORD PTR DS:[<&KERNEL32.GetCurrentProcess>]    ; |[GetCurrentProcess
00481688  |.  50          PUSH EAX                                              ; |hProcess
00481689  |.  FF15 B4614800 CALL DWORD PTR DS:[<&KERNEL32.TerminateProcess>]    ; \TerminateProcess
0048168F  |>  8B4424 14    MOV EAX,DWORD PTR SS:[ESP+14]
00481693  |.  8B5C24 18    MOV EBX,DWORD PTR SS:[ESP+18]
00481697  |.  85C0       TEST EAX,EAX
00481699  |.  C705 90CC4B00>MOV DWORD PTR DS:[4BCC90],1
004816A3  |.  881D 8CCC4B00 MOV BYTE PTR DS:[4BCC8C],BL
004816A9  |.  75 3E       JNZ SHORT Ekd5.004816E9
004816AB  |.  8B0D 90D84B00 MOV ECX,DWORD PTR DS:[4BD890]
004816B1  |.  85C9       TEST ECX,ECX
004816B3  |.  74 22       JE SHORT Ekd5.004816D7
004816B5  |.  8B35 8CD84B00 MOV ESI,DWORD PTR DS:[4BD88C]
004816BB  |.  83EE 04    SUB ESI,4
004816BE  |.  3BF1       CMP ESI,ECX
004816C0  |.  72 15       JB SHORT Ekd5.004816D7
004816C2  |>  8B06       /MOV EAX,DWORD PTR DS:[ESI]
004816C4  |.  85C0       |TEST EAX,EAX
004816C6  |.  74 08       |JE SHORT Ekd5.004816D0
004816C8  |.  FFD0       |CALL EAX
004816CA  |.  8B0D 90D84B00 |MOV ECX,DWORD PTR DS:[4BD890]
004816D0  |>  83EE 04    |SUB ESI,4
004816D3  |.  3BF1       |CMP ESI,ECX
004816D5  |.^ 73 EB       \JNB SHORT Ekd5.004816C2
004816D7  |>  68 34B14800 PUSH Ekd5.0048B134
004816DC  |.  68 30B14800 PUSH Ekd5.0048B130
004816E1  |.  E8 3A000000 CALL Ekd5.00481720
004816E6  |.  83C4 08    ADD ESP,8
004816E9  |>  68 40B14800 PUSH Ekd5.0048B140
004816EE  |.  68 38B14800 PUSH Ekd5.0048B138
004816F3  |.  E8 28000000 CALL Ekd5.00481720
004816F8  |.  83C4 08    ADD ESP,8
004816FB  |.  85DB       TEST EBX,EBX
004816FD  |.  75 11       JNZ SHORT Ekd5.00481710
004816FF  |.  55          PUSH EBP                                              ; /ExitCode
00481700  |.  C705 94CC4B00>MOV DWORD PTR DS:[4BCC94],1                         ; |
0048170A  |.  FF15 C0614800 CALL DWORD PTR DS:[<&KERNEL32.ExitProcess>]          ; \ExitProcess
00481710  |>  5E          POP ESI
00481711  |.  5D          POP EBP
00481712  |.  5B          POP EBX
00481713  \.  C3          RETN

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#51

发表于 2007-12-30 21:39 资料个人空间短消息只看该作者

AI

00438308  /$  55          PUSH EBP
00438309  |.  8BEC       MOV EBP,ESP
0043830B  |.  83EC 68    SUB ESP,68
0043830E  |.  53          PUSH EBX
0043830F  |.  56          PUSH ESI
00438310  |.  894D 98    MOV DWORD PTR SS:[EBP-68],ECX
00438313  |.  6A 04       PUSH 4                                  ; /Arg3 = 00000004
00438315  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
00438317  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
00438319  |.  B9 38EB4A00 MOV ECX,WaGan.004AEB38                ; |
0043831E  |.  E8 1D770400 CALL WaGan.0047FA40                   ; \WaGan.0047FA40
00438323  |.  05 C0120000 ADD EAX,12C0
00438328  |.  8945 B4    MOV DWORD PTR SS:[EBP-4C],EAX
0043832B  |.  8D4D C4    LEA ECX,DWORD PTR SS:[EBP-3C]
0043832E  |.  E8 DD730200 CALL WaGan.0045F710
00438333  |.  8D4D B8    LEA ECX,DWORD PTR SS:[EBP-48]
00438336  |.  E8 D5730200 CALL WaGan.0045F710
0043833B  |.  8A45 18    MOV AL,BYTE PTR SS:[EBP+18]
0043833E  |.  50          PUSH EAX                               ; /Arg2
0043833F  |.  8A4D 14    MOV CL,BYTE PTR SS:[EBP+14]             ; |
00438342  |.  51          PUSH ECX                               ; |Arg1
00438343  |.  8D4D EC    LEA ECX,DWORD PTR SS:[EBP-14]          ; |
00438346  |.  E8 8509FEFF CALL WaGan.00418CD0                   ; \WaGan.00418CD0
0043834B  |.  8B4D 98    MOV ECX,DWORD PTR SS:[EBP-68]
0043834E  |.  E8 BDE3FCFF CALL WaGan.00406710
00438353  |.  8845 C0    MOV BYTE PTR SS:[EBP-40],AL
00438356  |.  C645 BC FF MOV BYTE PTR SS:[EBP-44],0FF
0043835A  |.  C645 FC FF MOV BYTE PTR SS:[EBP-4],0FF
0043835E  |.  C645 F0 FF MOV BYTE PTR SS:[EBP-10],0FF
00438362  |.  C745 E8 01000>MOV DWORD PTR SS:[EBP-18],1
00438369  |.  68 80000000 PUSH 80                               ; /Arg1 = 00000080
0043836E  |.  8B4D 98    MOV ECX,DWORD PTR SS:[EBP-68]          ; |
00438371  |.  E8 7AD7FEFF CALL WaGan.00425AF0                   ; \WaGan.00425AF0
00438376  |.  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
00438379  |.  8D55 EC    LEA EDX,DWORD PTR SS:[EBP-14]
0043837C  |.  52          PUSH EDX                               ; /Arg2
0043837D  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]          ; |
00438380  |.  50          PUSH EAX                               ; |Arg1
00438381  |.  E8 9A300000 CALL WaGan.0043B420                   ; \WaGan.0043B420
00438386  |.  83C4 08    ADD ESP,8
00438389  |.  85C0       TEST EAX,EAX
0043838B  |.  74 07       JE SHORT WaGan.00438394
0043838D  |.  0C FF       OR AL,0FF
0043838F  |.  E9 C9050000 JMP WaGan.0043895D
00438394  |>  68 FF000000 PUSH 0FF                               ; /Arg3 = 000000FF
00438399  |.  33C9       XOR ECX,ECX                            ; |
0043839B  |.  8A0D 2C424B00 MOV CL,BYTE PTR DS:[4B422C]             ; | 最大横坐标
004383A1  |.  33D2       XOR EDX,EDX                            ; |
004383A3  |.  8A15 2D424B00 MOV DL,BYTE PTR DS:[4B422D]             ; |  最大纵坐标
004383A9  |.  0FAFCA       IMUL ECX,EDX                            ; |
004383AC  |.  51          PUSH ECX                               ; |Arg2
004383AD  |.  8B45 B4    MOV EAX,DWORD PTR SS:[EBP-4C]          ; |
004383B0  |.  50          PUSH EAX                               ; |Arg1
004383B1  |.  E8 5D790400 CALL WaGan.0047FD13                   ; \WaGan.0047FD13
004383B6  |.  83C4 0C    ADD ESP,0C
004383B9  |.  6A 04       PUSH 4                                  ; /Arg3 = 00000004
004383BB  |.  6A 00       PUSH 0                                  ; |Arg2 = 00000000
004383BD  |.  6A 00       PUSH 0                                  ; |Arg1 = 00000000
004383BF  |.  B9 38EB4A00 MOV ECX,WaGan.004AEB38                ; |
004383C4  |.  E8 77760400 CALL WaGan.0047FA40                   ; \WaGan.0047FA40
004383C9  |.  C680 00190000>MOV BYTE PTR DS:[EAX+1900],0FF
004383D0  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
004383D3  |.  33D2       XOR EDX,EDX
004383D5  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
004383D7  |.  8B45 B4    MOV EAX,DWORD PTR SS:[EBP-4C]
004383DA  |.  03C2       ADD EAX,EDX
004383DC  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
004383DF  |.  33D2       XOR EDX,EDX
004383E1  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]
004383E4  |.  33C9       XOR ECX,ECX
004383E6  |.  8A0D 2C424B00 MOV CL,BYTE PTR DS:[4B422C]
004383EC  |.  0FAFD1       IMUL EDX,ECX
004383EF  |.  C60410 00    MOV BYTE PTR DS:[EAX+EDX],0
004383F3  |.  8B55 10    MOV EDX,DWORD PTR SS:[EBP+10]
004383F6  |.  81E2 FF000000 AND EDX,0FF
004383FC  |.  83E2 04    AND EDX,4
004383FF  |.  85D2       TEST EDX,EDX
00438401  |.  0F84 12010000 JE WaGan.00438519
00438407  |.  C605 4C2C4B00>MOV BYTE PTR DS:[4B2C4C],0
0043840E  |.  C605 282C4B00>MOV BYTE PTR DS:[4B2C28],0FF
00438415  |.  C605 202C4B00>MOV BYTE PTR DS:[4B2C20],0FF
0043841C  |.  C605 442C4B00>MOV BYTE PTR DS:[4B2C44],0FF
00438423  |.  8B45 98    MOV EAX,DWORD PTR SS:[EBP-68]
00438426  |.  8B08       MOV ECX,DWORD PTR DS:[EAX]
00438428  |.  6BC9 48    IMUL ECX,ECX,48
0043842B  |.  81C1 0000D600 ADD ECX,0D60000
00438431  |.  894D A8    MOV DWORD PTR SS:[EBP-58],ECX
00438434  |.  C745 B0 ACC74>MOV DWORD PTR SS:[EBP-50],WaGan.004AC7AC
0043843B  |.  C645 AC 00 MOV BYTE PTR SS:[EBP-54],0
0043843F  |.  EB 09       JMP SHORT WaGan.0043844A
00438441  |>  8A55 AC    /MOV DL,BYTE PTR SS:[EBP-54]
00438444  |.  80C2 01    |ADD DL,1
00438447  |.  8855 AC    |MOV BYTE PTR SS:[EBP-54],DL
0043844A  |>  8B45 AC       MOV EAX,DWORD PTR SS:[EBP-54]
0043844D  |.  25 FF000000 |AND EAX,0FF
00438452  |.  83F8 44    |CMP EAX,44
00438455  |.  0F8D A6000000 |JGE WaGan.00438501
0043845B  |.  8B4D A8    |MOV ECX,DWORD PTR SS:[EBP-58]
0043845E  |.  E8 ADE1FCFF |CALL WaGan.00406610
00438463  |.  25 FF000000 |AND EAX,0FF
00438468  |.  50          |PUSH EAX                               ; /Arg1
00438469  |.  8B4D AC    |MOV ECX,DWORD PTR SS:[EBP-54]          ; |
0043846C  |.  81E1 FF000000 |AND ECX,0FF                            ; |
00438472  |.  6BC9 46    |IMUL ECX,ECX,46                      ; |
00438475  |.  81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0                ; |
0043847B  |.  E8 0011FDFF |CALL WaGan.00409580                   ; \WaGan.00409580
00438480  |.  25 FF000000 |AND EAX,0FF
00438485  |.  85C0       |TEST EAX,EAX
00438487  |.  74 73       |JE SHORT WaGan.004384FC
00438489  |.  8B4D A8    |MOV ECX,DWORD PTR SS:[EBP-58]
0043848C  |.  E8 7FE1FCFF |CALL WaGan.00406610
00438491  |.  25 FF000000 |AND EAX,0FF
00438496  |.  50          |PUSH EAX                               ; /Arg1
00438497  |.  8B4D AC    |MOV ECX,DWORD PTR SS:[EBP-54]          ; |
0043849A  |.  81E1 FF000000 |AND ECX,0FF                            ; |
004384A0  |.  6BC9 46    |IMUL ECX,ECX,46                      ; |
004384A3  |.  81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0                ; |
004384A9  |.  E8 D210FDFF |CALL WaGan.00409580                   ; \WaGan.00409580
004384AE  |.  8AD8       |MOV BL,AL
004384B0  |.  81E3 FF000000 |AND EBX,0FF
004384B6  |.  8B4D A8    |MOV ECX,DWORD PTR SS:[EBP-58]
004384B9  |.  E8 12E1FCFF |CALL WaGan.004065D0
004384BE  |.  25 FF000000 |AND EAX,0FF
004384C3  |.  3BD8       |CMP EBX,EAX
004384C5  |.  7F 35       |JG SHORT WaGan.004384FC
004384C7  |.  8B4D AC    |MOV ECX,DWORD PTR SS:[EBP-54]
004384CA  |.  81E1 FF000000 |AND ECX,0FF
004384D0  |.  6BC9 46    |IMUL ECX,ECX,46
004384D3  |.  81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0
004384D9  |.  E8 F2D5FEFF |CALL WaGan.00425AD0
004384DE  |.  25 FF000000 |AND EAX,0FF
004384E3  |.  8B4D 98    |MOV ECX,DWORD PTR SS:[EBP-68]
004384E6  |.  3941 14    |CMP DWORD PTR DS:[ECX+14],EAX
004384E9  |.  72 11       |JB SHORT WaGan.004384FC
004384EB  |.  8B55 B0    |MOV EDX,DWORD PTR SS:[EBP-50]
004384EE  |.  8A45 AC    |MOV AL,BYTE PTR SS:[EBP-54]
004384F1  |.  8802       |MOV BYTE PTR DS:[EDX],AL
004384F3  |.  8B4D B0    |MOV ECX,DWORD PTR SS:[EBP-50]
004384F6  |.  83C1 01    |ADD ECX,1
004384F9  |.  894D B0    |MOV DWORD PTR SS:[EBP-50],ECX
004384FC  |>^ E9 40FFFFFF \JMP WaGan.00438441
00438501  |>  8B55 B0    MOV EDX,DWORD PTR SS:[EBP-50]
00438504  |.  C602 FF    MOV BYTE PTR DS:[EDX],0FF
00438507  |.  837D F4 00 CMP DWORD PTR SS:[EBP-C],0
0043850B  |.  75 0C       JNZ SHORT WaGan.00438519
0043850D  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
00438510  |.  50          PUSH EAX                               ; /Arg1
00438511  |.  8B4D 98    MOV ECX,DWORD PTR SS:[EBP-68]          ; |
00438514  |.  E8 10200000 CALL WaGan.0043A529                   ; \WaGan.0043A529
00438519  |>  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
0043851C  |.  51          PUSH ECX                               ; /Arg1
0043851D  |.  E8 6FD4FFFF CALL WaGan.00435991                   ; \WaGan.00435991
00438522  |.  83C4 04    ADD ESP,4
00438525  |.  8845 C8    MOV BYTE PTR SS:[EBP-38],AL
00438528  |.  8A55 C8    MOV DL,BYTE PTR SS:[EBP-38]
0043852B  |.  52          PUSH EDX                               ; /Arg1
0043852C  |.  8B4D 98    MOV ECX,DWORD PTR SS:[EBP-68]          ; |
0043852F  |.  E8 9B720000 CALL WaGan.0043F7CF                   ; \WaGan.0043F7CF
00438534  |.  25 FF000000 AND EAX,0FF
00438539  |.  3D FF000000 CMP EAX,0FF
0043853E  |.  75 07       JNZ SHORT WaGan.00438547
00438540  |.  0C FF       OR AL,0FF
00438542  |.  E9 16040000 JMP WaGan.0043895D
00438547  |>  C645 E0 00 MOV BYTE PTR SS:[EBP-20],0
0043854B  |.  EB 06       JMP SHORT WaGan.00438553
0043854D  |>  8A45 BC    /MOV AL,BYTE PTR SS:[EBP-44]
00438550  |.  8845 E0    |MOV BYTE PTR SS:[EBP-20],AL
00438553  |>  837D E8 00    CMP DWORD PTR SS:[EBP-18],0
00438557  |.  0F84 FE030000 |JE WaGan.0043895B
0043855D  |.  8B4D E0    |MOV ECX,DWORD PTR SS:[EBP-20]
00438560  |.  81E1 FF000000 |AND ECX,0FF
00438566  |.  8B55 0C    |MOV EDX,DWORD PTR SS:[EBP+C]
00438569  |.  81E2 FF000000 |AND EDX,0FF
0043856F  |.  3BCA       |CMP ECX,EDX
00438571  |.  0F8D E4030000 |JGE WaGan.0043895B
00438577  |.  C745 E8 00000>|MOV DWORD PTR SS:[EBP-18],0
0043857E  |.  C645 BC FF |MOV BYTE PTR SS:[EBP-44],0FF
00438582  |.  C645 FC FF |MOV BYTE PTR SS:[EBP-4],0FF
00438586  |.  C745 D0 00000>|MOV DWORD PTR SS:[EBP-30],0
0043858D  |.  EB 09       |JMP SHORT WaGan.00438598
0043858F  |>  8B45 D0    |/MOV EAX,DWORD PTR SS:[EBP-30]
00438592  |.  83C0 01    ||ADD EAX,1
00438595  |.  8945 D0    ||MOV DWORD PTR SS:[EBP-30],EAX
00438598  |>  33C9       | XOR ECX,ECX
0043859A  |.  8A0D 2D424B00 ||MOV CL,BYTE PTR DS:[4B422D]
004385A0  |.  394D D0    ||CMP DWORD PTR SS:[EBP-30],ECX
004385A3  |.  0F83 AD030000 ||JNB WaGan.00438956
004385A9  |.  C745 DC 00000>||MOV DWORD PTR SS:[EBP-24],0
004385B0  |.  EB 09       ||JMP SHORT WaGan.004385BB
004385B2  |>  8B55 DC    ||/MOV EDX,DWORD PTR SS:[EBP-24]
004385B5  |.  83C2 01    |||ADD EDX,1
004385B8  |.  8955 DC    |||MOV DWORD PTR SS:[EBP-24],EDX
004385BB  |>  33C0       || XOR EAX,EAX
004385BD  |.  A0 2C424B00 |||MOV AL,BYTE PTR DS:[4B422C]
004385C2  |.  3945 DC    |||CMP DWORD PTR SS:[EBP-24],EAX
004385C5  |.  0F83 45030000 |||JNB WaGan.00438910
004385CB  |.  8B4D B4    |||MOV ECX,DWORD PTR SS:[EBP-4C]
004385CE  |.  034D DC    |||ADD ECX,DWORD PTR SS:[EBP-24]
004385D1  |.  33D2       |||XOR EDX,EDX
004385D3  |.  8A15 2C424B00 |||MOV DL,BYTE PTR DS:[4B422C]
004385D9  |.  8B45 D0    |||MOV EAX,DWORD PTR SS:[EBP-30]
004385DC  |.  0FAFC2       |||IMUL EAX,EDX
004385DF  |.  8A0C01       |||MOV CL,BYTE PTR DS:[ECX+EAX]
004385E2  |.  884D A4    |||MOV BYTE PTR SS:[EBP-5C],CL
004385E5  |.  8B55 A4    |||MOV EDX,DWORD PTR SS:[EBP-5C]
004385E8  |.  81E2 FF000000 |||AND EDX,0FF
004385EE  |.  8B45 E0    |||MOV EAX,DWORD PTR SS:[EBP-20]
004385F1  |.  25 FF000000 |||AND EAX,0FF
004385F6  |.  3BD0       |||CMP EDX,EAX
004385F8  |.  7E 2C       |||JLE SHORT WaGan.00438626
004385FA  |.  8B4D A4    |||MOV ECX,DWORD PTR SS:[EBP-5C]
004385FD  |.  81E1 FF000000 |||AND ECX,0FF
00438603  |.  81F9 FF000000 |||CMP ECX,0FF
00438609  |.  74 1B       |||JE SHORT WaGan.00438626
0043860B  |.  8B55 FC    |||MOV EDX,DWORD PTR SS:[EBP-4]
0043860E  |.  81E2 FF000000 |||AND EDX,0FF
00438614  |.  8B45 A4    |||MOV EAX,DWORD PTR SS:[EBP-5C]
00438617  |.  25 FF000000 |||AND EAX,0FF
0043861C  |.  3BD0       |||CMP EDX,EAX
0043861E  |.  7E 06       |||JLE SHORT WaGan.00438626
00438620  |.  8A4D A4    |||MOV CL,BYTE PTR SS:[EBP-5C]
00438623  |.  884D FC    |||MOV BYTE PTR SS:[EBP-4],CL
00438626  |>  8B55 A4    |||MOV EDX,DWORD PTR SS:[EBP-5C]
00438629  |.  81E2 FF000000 |||AND EDX,0FF
0043862F  |.  8B45 E0    |||MOV EAX,DWORD PTR SS:[EBP-20]
00438632  |.  25 FF000000 |||AND EAX,0FF
00438637  |.  3BD0       |||CMP EDX,EAX
00438639  |.  74 05       |||JE SHORT WaGan.00438640
0043863B  |.^ E9 72FFFFFF |||JMP WaGan.004385B2
00438640  |>  8A4D DC    |||MOV CL,BYTE PTR SS:[EBP-24]
00438643  |.  884D C4    |||MOV BYTE PTR SS:[EBP-3C],CL
00438646  |.  8A55 D0    |||MOV DL,BYTE PTR SS:[EBP-30]
00438649  |.  8855 C5    |||MOV BYTE PTR SS:[EBP-3B],DL
0043864C  |.  8D45 C4    |||LEA EAX,DWORD PTR SS:[EBP-3C]
0043864F  |.  50          |||PUSH EAX                            ; /Arg2
00438650  |.  8B4D 08    |||MOV ECX,DWORD PTR SS:[EBP+8]       ; |
00438653  |.  51          |||PUSH ECX                            ; |Arg1
00438654  |.  E8 C72D0000 |||CALL WaGan.0043B420                ; \WaGan.0043B420
00438659  |.  83C4 08    |||ADD ESP,8
0043865C  |.  85C0       |||TEST EAX,EAX
0043865E  |.  75 1B       |||JNZ SHORT WaGan.0043867B
00438660  |.  837D 1C 00 |||CMP DWORD PTR SS:[EBP+1C],0
00438664  |.  74 15       |||JE SHORT WaGan.0043867B
00438666  |.  8D55 C4    |||LEA EDX,DWORD PTR SS:[EBP-3C]
00438669  |.  52          |||PUSH EDX                            ; /Arg1
0043866A  |.  8B4D 98    |||MOV ECX,DWORD PTR SS:[EBP-68]       ; |
0043866D  |.  E8 E7F6FFFF |||CALL WaGan.00437D59                ; \WaGan.00437D59
00438672  |.  85C0       |||TEST EAX,EAX
00438674  |.  74 05       |||JE SHORT WaGan.0043867B
00438676  |.^ E9 37FFFFFF |||JMP WaGan.004385B2
0043867B  |>  C745 CC 00000>|||MOV DWORD PTR SS:[EBP-34],0
00438682  |.  EB 09       |||JMP SHORT WaGan.0043868D
00438684  |>  8B45 CC    |||/MOV EAX,DWORD PTR SS:[EBP-34]
00438687  |.  83C0 01    ||||ADD EAX,1
0043868A  |.  8945 CC    ||||MOV DWORD PTR SS:[EBP-34],EAX
0043868D  |>  837D CC 04 ||| CMP DWORD PTR SS:[EBP-34],4
00438691  |.  0F83 74020000 ||||JNB WaGan.0043890B
00438697  |.  8A4D CC    ||||MOV CL,BYTE PTR SS:[EBP-34]
0043869A  |.  51          ||||PUSH ECX                            ; /Arg2
0043869B  |.  8D55 C4    ||||LEA EDX,DWORD PTR SS:[EBP-3C]       ; |
0043869E  |.  52          ||||PUSH EDX                            ; |Arg1
0043869F  |.  E8 51D3FFFF ||||CALL WaGan.004359F5                ; \WaGan.004359F5
004386A4  |.  83C4 08    ||||ADD ESP,8
004386A7  |.  50          ||||PUSH EAX                            ; /Arg1
004386A8  |.  8D4D B8    ||||LEA ECX,DWORD PTR SS:[EBP-48]       ; |
004386AB  |.  E8 F0DEFCFF ||||CALL WaGan.004065A0                ; \WaGan.004065A0
004386B0  |.  8B45 B8    ||||MOV EAX,DWORD PTR SS:[EBP-48]
004386B3  |.  25 FF000000 ||||AND EAX,0FF
004386B8  |.  3D FF000000 ||||CMP EAX,0FF
004386BD  |.  75 02       ||||JNZ SHORT WaGan.004386C1
004386BF  |.^ EB C3       ||||JMP SHORT WaGan.00438684
004386C1  |>  8B4D B8    ||||MOV ECX,DWORD PTR SS:[EBP-48]
004386C4  |.  81E1 FF000000 ||||AND ECX,0FF
004386CA  |.  8B55 B9    ||||MOV EDX,DWORD PTR SS:[EBP-47]
004386CD  |.  81E2 FF000000 ||||AND EDX,0FF
004386D3  |.  33C0       ||||XOR EAX,EAX
004386D5  |.  A0 2C424B00 ||||MOV AL,BYTE PTR DS:[4B422C]
004386DA  |.  0FAFD0       ||||IMUL EDX,EAX
004386DD  |.  03CA       ||||ADD ECX,EDX
004386DF  |.  894D E4    ||||MOV DWORD PTR SS:[EBP-1C],ECX
004386E2  |.  8B4D B4    ||||MOV ECX,DWORD PTR SS:[EBP-4C]
004386E5  |.  034D E4    ||||ADD ECX,DWORD PTR SS:[EBP-1C]
004386E8  |.  894D D4    ||||MOV DWORD PTR SS:[EBP-2C],ECX
004386EB  |.  6A 04       ||||PUSH 4                            ; /Arg3 = 00000004
004386ED  |.  6A 00       ||||PUSH 0                            ; |Arg2 = 00000000
004386EF  |.  6A 00       ||||PUSH 0                            ; |Arg1 = 00000000
004386F1  |.  B9 38EB4A00 ||||MOV ECX,WaGan.004AEB38             ; |
004386F6  |.  E8 45730400 ||||CALL WaGan.0047FA40                ; \WaGan.0047FA40
004386FB  |.  8B55 E4    ||||MOV EDX,DWORD PTR SS:[EBP-1C]
004386FE  |.  8D8410 800C00>||||LEA EAX,DWORD PTR DS:[EAX+EDX+C80]
00438705  |.  8945 D8    ||||MOV DWORD PTR SS:[EBP-28],EAX
00438708  |.  6A 04       ||||PUSH 4                            ; /Arg3 = 00000004
0043870A  |.  6A 00       ||||PUSH 0                            ; |Arg2 = 00000000
0043870C  |.  6A 00       ||||PUSH 0                            ; |Arg1 = 00000000
0043870E  |.  B9 68AB4A00 ||||MOV ECX,WaGan.004AAB68             ; |
00438713  |.  E8 28730400 ||||CALL WaGan.0047FA40                ; \WaGan.0047FA40
00438718  |.  8B4D E4    ||||MOV ECX,DWORD PTR SS:[EBP-1C]
0043871B  |.  8D9408 400600>||||LEA EDX,DWORD PTR DS:[EAX+ECX+640]
00438722  |.  8955 F8    ||||MOV DWORD PTR SS:[EBP-8],EDX
00438725  |.  8B45 D4    ||||MOV EAX,DWORD PTR SS:[EBP-2C]
00438728  |.  33C9       ||||XOR ECX,ECX
0043872A  |.  8A08       ||||MOV CL,BYTE PTR DS:[EAX]
0043872C  |.  81F9 FF000000 ||||CMP ECX,0FF
00438732  |.  0F85 CE010000 ||||JNZ WaGan.00438906
00438738  |.  8D55 B8    ||||LEA EDX,DWORD PTR SS:[EBP-48]
0043873B  |.  52          ||||PUSH EDX                            ; /Arg1
0043873C  |.  E8 50D2FFFF ||||CALL WaGan.00435991                ; \WaGan.00435991
00438741  |.  83C4 04    ||||ADD ESP,4
00438744  |.  8845 9C    ||||MOV BYTE PTR SS:[EBP-64],AL
00438747  |.  8A45 9C    ||||MOV AL,BYTE PTR SS:[EBP-64]
0043874A  |.  50          ||||PUSH EAX                            ; /Arg1
0043874B  |.  8B4D 98    ||||MOV ECX,DWORD PTR SS:[EBP-68]       ; |
0043874E  |.  E8 7C700000 ||||CALL WaGan.0043F7CF                ; \WaGan.0043F7CF
00438753  |.  8845 A0    ||||MOV BYTE PTR SS:[EBP-60],AL
00438756  |.  8B4D A0    ||||MOV ECX,DWORD PTR SS:[EBP-60]
00438759  |.  81E1 FF000000 ||||AND ECX,0FF
0043875F  |.  81F9 FF000000 ||||CMP ECX,0FF
00438765  |.  74 5E       ||||JE SHORT WaGan.004387C5
00438767  |.  8B55 A0    ||||MOV EDX,DWORD PTR SS:[EBP-60]
0043876A  |.  81E2 FF000000 ||||AND EDX,0FF
00438770  |.  8B45 A4    ||||MOV EAX,DWORD PTR SS:[EBP-5C]
00438773  |.  25 FF000000 ||||AND EAX,0FF
00438778  |.  03D0       ||||ADD EDX,EAX
0043877A  |.  8B4D 0C    ||||MOV ECX,DWORD PTR SS:[EBP+C]
0043877D  |.  81E1 FF000000 ||||AND ECX,0FF
00438783  |.  3BD1       ||||CMP EDX,ECX
00438785  |.  7F 3E       ||||JG SHORT WaGan.004387C5
00438787  |.  8B55 D8    ||||MOV EDX,DWORD PTR SS:[EBP-28]
0043878A  |.  33C0       ||||XOR EAX,EAX
0043878C  |.  8A02       ||||MOV AL,BYTE PTR DS:[EDX]
0043878E  |.  3D FF000000 ||||CMP EAX,0FF
00438793  |.  74 35       ||||JE SHORT WaGan.004387CA
00438795  |.  8B75 C0    ||||MOV ESI,DWORD PTR SS:[EBP-40]
00438798  |.  81E6 FF000000 ||||AND ESI,0FF
0043879E  |.  8B4D D8    ||||MOV ECX,DWORD PTR SS:[EBP-28]
004387A1  |.  33D2       ||||XOR EDX,EDX
004387A3  |.  8A11       ||||MOV DL,BYTE PTR DS:[ECX]
004387A5  |.  8BCA       ||||MOV ECX,EDX
004387A7  |.  6BC9 24    ||||IMUL ECX,ECX,24
004387AA  |.  81C1 502C4B00 ||||ADD ECX,WaGan.004B2C50
004387B0  |.  E8 5BDFFCFF ||||CALL WaGan.00406710
004387B5  |.  3BF0       ||||CMP ESI,EAX
004387B7  |.  74 11       ||||JE SHORT WaGan.004387CA
004387B9  |.  837D 1C 00 ||||CMP DWORD PTR SS:[EBP+1C],0
004387BD  |.  75 06       ||||JNZ SHORT WaGan.004387C5
004387BF  |.  837D F4 00 ||||CMP DWORD PTR SS:[EBP-C],0
004387C3  |.  75 05       ||||JNZ SHORT WaGan.004387CA
004387C5  |>^ E9 BAFEFFFF ||||JMP WaGan.00438684
004387CA  |>  8B45 A4    ||||MOV EAX,DWORD PTR SS:[EBP-5C]
004387CD  |.  25 FF000000 ||||AND EAX,0FF
004387D2  |.  8B4D A0    ||||MOV ECX,DWORD PTR SS:[EBP-60]
004387D5  |.  81E1 FF000000 ||||AND ECX,0FF
004387DB  |.  03C1       ||||ADD EAX,ECX
004387DD  |.  8B55 D4    ||||MOV EDX,DWORD PTR SS:[EBP-2C]
004387E0  |.  8802       ||||MOV BYTE PTR DS:[EDX],AL
004387E2  |.  C745 E8 01000>||||MOV DWORD PTR SS:[EBP-18],1
004387E9  |.  8B45 BC    ||||MOV EAX,DWORD PTR SS:[EBP-44]
004387EC  |.  25 FF000000 ||||AND EAX,0FF
004387F1  |.  8B4D D4    ||||MOV ECX,DWORD PTR SS:[EBP-2C]
004387F4  |.  33D2       ||||XOR EDX,EDX
004387F6  |.  8A11       ||||MOV DL,BYTE PTR DS:[ECX]
004387F8  |.  3BC2       ||||CMP EAX,EDX
004387FA  |.  7E 49       ||||JLE SHORT WaGan.00438845
004387FC  |.  837D 1C 00 ||||CMP DWORD PTR SS:[EBP+1C],0
00438800  |.  74 3B       ||||JE SHORT WaGan.0043883D
00438802  |.  837D F4 00 ||||CMP DWORD PTR SS:[EBP-C],0
00438806  |.  75 35       ||||JNZ SHORT WaGan.0043883D
00438808  |.  8D45 B8    ||||LEA EAX,DWORD PTR SS:[EBP-48]
0043880B  |.  50          ||||PUSH EAX                            ; /Arg1
0043880C  |.  8B4D 98    ||||MOV ECX,DWORD PTR SS:[EBP-68]       ; |
0043880F  |.  E8 45F5FFFF ||||CALL WaGan.00437D59                ; \WaGan.00437D59
00438814  |.  85C0       ||||TEST EAX,EAX
00438816  |.  75 23       ||||JNZ SHORT WaGan.0043883B
00438818  |.  8B4D D4    ||||MOV ECX,DWORD PTR SS:[EBP-2C]
0043881B  |.  8A11       ||||MOV DL,BYTE PTR DS:[ECX]
0043881D  |.  8855 BC    ||||MOV BYTE PTR SS:[EBP-44],DL
00438820  |.  8B45 BC    ||||MOV EAX,DWORD PTR SS:[EBP-44]
00438823  |.  25 FF000000 ||||AND EAX,0FF
00438828  |.  8B4D FC    ||||MOV ECX,DWORD PTR SS:[EBP-4]
0043882B  |.  81E1 FF000000 ||||AND ECX,0FF
00438831  |.  3BC1       ||||CMP EAX,ECX
00438833  |.  7E 06       ||||JLE SHORT WaGan.0043883B
00438835  |.  8A55 FC    ||||MOV DL,BYTE PTR SS:[EBP-4]
00438838  |.  8855 BC    ||||MOV BYTE PTR SS:[EBP-44],DL
0043883B  |>  EB 08       ||||JMP SHORT WaGan.00438845
0043883D  |>  8B45 D4    ||||MOV EAX,DWORD PTR SS:[EBP-2C]
00438840  |.  8A08       ||||MOV CL,BYTE PTR DS:[EAX]
00438842  |.  884D BC    ||||MOV BYTE PTR SS:[EBP-44],CL
00438845  |>  8B55 10    ||||MOV EDX,DWORD PTR SS:[EBP+10]
00438848  |.  81E2 FF000000 ||||AND EDX,0FF
0043884E  |.  83E2 08    ||||AND EDX,8
00438851  |.  85D2       ||||TEST EDX,EDX
00438853  |.  74 6D       ||||JE SHORT WaGan.004388C2
00438855  |.  6A 04       ||||PUSH 4                            ; /Arg3 = 00000004
00438857  |.  6A 00       ||||PUSH 0                            ; |Arg2 = 00000000
00438859  |.  6A 00       ||||PUSH 0                            ; |Arg1 = 00000000
0043885B  |.  B9 68AB4A00 ||||MOV ECX,WaGan.004AAB68             ; |
00438860  |.  E8 DB710400 ||||CALL WaGan.0047FA40                ; \WaGan.0047FA40
00438865  |.  8B4D E4    ||||MOV ECX,DWORD PTR SS:[EBP-1C]
00438868  |.  33D2       ||||XOR EDX,EDX
0043886A  |.  8A1408       ||||MOV DL,BYTE PTR DS:[EAX+ECX]
0043886D  |.  81FA FF000000 ||||CMP EDX,0FF
00438873  |.  74 4D       ||||JE SHORT WaGan.004388C2
00438875  |.  6A 04       ||||PUSH 4                            ; /Arg3 = 00000004
00438877  |.  6A 00       ||||PUSH 0                            ; |Arg2 = 00000000
00438879  |.  6A 00       ||||PUSH 0                            ; |Arg1 = 00000000
0043887B  |.  B9 68AB4A00 ||||MOV ECX,WaGan.004AAB68             ; |
00438880  |.  E8 BB710400 ||||CALL WaGan.0047FA40                ; \WaGan.0047FA40
00438885  |.  8B4D E4    ||||MOV ECX,DWORD PTR SS:[EBP-1C]
00438888  |.  33D2       ||||XOR EDX,EDX
0043888A  |.  8A1408       ||||MOV DL,BYTE PTR DS:[EAX+ECX]
0043888D  |.  8BCA       ||||MOV ECX,EDX
0043888F  |.  6BC9 24    ||||IMUL ECX,ECX,24
00438892  |.  81C1 502C4B00 ||||ADD ECX,WaGan.004B2C50
00438898  |.  E8 F303FEFF ||||CALL WaGan.00418C90
0043889D  |.  25 FF000000 ||||AND EAX,0FF
004388A2  |.  83F8 02    ||||CMP EAX,2
004388A5  |.  75 1B       ||||JNZ SHORT WaGan.004388C2
004388A7  |.  6A 04       ||||PUSH 4                            ; /Arg3 = 00000004
004388A9  |.  6A 00       ||||PUSH 0                            ; |Arg2 = 00000000
004388AB  |.  6A 00       ||||PUSH 0                            ; |Arg1 = 00000000
004388AD  |.  B9 68AB4A00 ||||MOV ECX,WaGan.004AAB68             ; |
004388B2  |.  E8 89710400 ||||CALL WaGan.0047FA40                ; \WaGan.0047FA40
004388B7  |.  8B4D E4    ||||MOV ECX,DWORD PTR SS:[EBP-1C]
004388BA  |.  8A0408       ||||MOV AL,BYTE PTR DS:[EAX+ECX]
004388BD  |.  E9 9B000000 ||||JMP WaGan.0043895D
004388C2  |>  8B55 10    ||||MOV EDX,DWORD PTR SS:[EBP+10]
004388C5  |.  81E2 FF000000 ||||AND EDX,0FF
004388CB  |.  83E2 02    ||||AND EDX,2
004388CE  |.  85D2       ||||TEST EDX,EDX
004388D0  |.  74 18       ||||JE SHORT WaGan.004388EA
004388D2  |.  8D45 EC    ||||LEA EAX,DWORD PTR SS:[EBP-14]
004388D5  |.  50          ||||PUSH EAX                            ; /Arg2
004388D6  |.  8D4D B8    ||||LEA ECX,DWORD PTR SS:[EBP-48]       ; |
004388D9  |.  51          ||||PUSH ECX                            ; |Arg1
004388DA  |.  E8 412B0000 ||||CALL WaGan.0043B420                ; \WaGan.0043B420
004388DF  |.  83C4 08    ||||ADD ESP,8
004388E2  |.  85C0       ||||TEST EAX,EAX
004388E4  |.  74 04       ||||JE SHORT WaGan.004388EA
004388E6  |.  B0 01       ||||MOV AL,1
004388E8  |.  EB 73       ||||JMP SHORT WaGan.0043895D
004388EA  |>  8B55 10    ||||MOV EDX,DWORD PTR SS:[EBP+10]
004388ED  |.  81E2 FF000000 ||||AND EDX,0FF
004388F3  |.  83E2 04    ||||AND EDX,4
004388F6  |.  85D2       ||||TEST EDX,EDX
004388F8  |.  74 0C       ||||JE SHORT WaGan.00438906
004388FA  |.  8D45 B8    ||||LEA EAX,DWORD PTR SS:[EBP-48]
004388FD  |.  50          ||||PUSH EAX                            ; /Arg1
004388FE  |.  8B4D 98    ||||MOV ECX,DWORD PTR SS:[EBP-68]       ; |
00438901  |.  E8 231C0000 ||||CALL WaGan.0043A529                ; \WaGan.0043A529
00438906  |>^ E9 79FDFFFF |||\JMP WaGan.00438684
0043890B  |>^ E9 A2FCFFFF ||\JMP WaGan.004385B2
00438910  |>  837D E8 00 ||CMP DWORD PTR SS:[EBP-18],0
00438914  |.  75 20       ||JNZ SHORT WaGan.00438936
00438916  |.  8B4D FC    ||MOV ECX,DWORD PTR SS:[EBP-4]
00438919  |.  81E1 FF000000 ||AND ECX,0FF
0043891F  |.  81F9 FF000000 ||CMP ECX,0FF
00438925  |.  74 0D       ||JE SHORT WaGan.00438934
00438927  |.  8A55 FC    ||MOV DL,BYTE PTR SS:[EBP-4]
0043892A  |.  8855 BC    ||MOV BYTE PTR SS:[EBP-44],DL
0043892D  |.  C745 E8 01000>||MOV DWORD PTR SS:[EBP-18],1
00438934  |>  EB 1B       ||JMP SHORT WaGan.00438951
00438936  |>  8B45 BC    ||MOV EAX,DWORD PTR SS:[EBP-44]
00438939  |.  25 FF000000 ||AND EAX,0FF
0043893E  |.  8B4D FC    ||MOV ECX,DWORD PTR SS:[EBP-4]
00438941  |.  81E1 FF000000 ||AND ECX,0FF
00438947  |.  3BC1       ||CMP EAX,ECX
00438949  |.  7E 06       ||JLE SHORT WaGan.00438951
0043894B  |.  8A55 FC    ||MOV DL,BYTE PTR SS:[EBP-4]
0043894E  |.  8855 BC    ||MOV BYTE PTR SS:[EBP-44],DL
00438951  |>^ E9 39FCFFFF |\JMP WaGan.0043858F
00438956  |>^ E9 F2FBFFFF \JMP WaGan.0043854D
0043895B  |>  0C FF       OR AL,0FF
0043895D  |>  5E          POP ESI
0043895E  |.  5B          POP EBX
0043895F  |.  8BE5       MOV ESP,EBP
00438961  |.  5D          POP EBP
00438962  \.  C2 1800    RETN 18
EBP+8目标地址

EBP-C 估算值
EBP-14 AI武将战场内存地址
  438901,438514两处调用
0043A529  /$  55          PUSH EBP
0043A52A  |.  8BEC       MOV EBP,ESP
0043A52C  |.  83EC 20    SUB ESP,20
0043A52F  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX
0043A532  |.  6A 04       PUSH 4                                     ; /Arg3 = 00000004
0043A534  |.  6A 00       PUSH 0                                     ; |Arg2 = 00000000
0043A536  |.  6A 00       PUSH 0                                     ; |Arg1 = 00000000
0043A538  |.  B9 68AB4A00 MOV ECX,WaGan.004AAB68                      ; |
0043A53D  |.  E8 FE540400 CALL WaGan.0047FA40                         ; \WaGan.0047FA40  (hPic_GetMemPtr)
0043A542  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
0043A545  |.  33D2       XOR EDX,EDX
0043A547  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
0043A549  |.  8D8410 400600>LEA EAX,DWORD PTR DS:[EAX+EDX+640]
0043A550  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
0043A553  |.  33D2       XOR EDX,EDX
0043A555  |.  8A51 01    MOV DL,BYTE PTR DS:[ECX+1]
0043A558  |.  33C9       XOR ECX,ECX
0043A55A  |.  8A0D 2C424B00 MOV CL,BYTE PTR DS:[4B422C]
0043A560  |.  0FAFD1       IMUL EDX,ECX
0043A563  |.  03C2       ADD EAX,EDX
0043A565  |.  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
0043A568  |.  C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
0043A56C  |.  C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
0043A570  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
0043A573  |.  52          PUSH EDX                                  ; /Arg1
0043A574  |.  E8 0BB3FFFF CALL WaGan.00435884                         ; \WaGan.00435884
0043A579  |.  83C4 04    ADD ESP,4
0043A57C  |.  25 FF000000 AND EAX,0FF
0043A581  |.  3D FF000000 CMP EAX,0FF
0043A586  |.  74 1B       JE SHORT WaGan.0043A5A3
0043A588  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0043A58B  |.  83C0 06    ADD EAX,6                   AI武将当前坐标
0043A58E  |.  50          PUSH EAX                                  ; /Arg2
0043A58F  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]                ; |
0043A592  |.  51          PUSH ECX                                  ; |Arg1
0043A593  |.  E8 880E0000 CALL WaGan.0043B420       人物移动处理,比较两地址是否相同，是则是到达目的地，返回1
0043A598  |.  83C4 08    ADD ESP,8
0043A59B  |.  85C0       TEST EAX,EAX
0043A59D  |.  0F84 20020000 JE WaGan.0043A7C3       不能达到，结束
0043A5A3  |>  68 80000000 PUSH 80                                     ; /Arg1 = 00000080  剧本移动中
0043A5A8  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]             ; |
0043A5AB  |.  E8 40B5FEFF CALL WaGan.00425AF0                      判断Ecx武将行动是否结束 (08栈是80,04,02)
0043A5B0  |.  85C0       TEST EAX,EAX
0043A5B2  |.  0F85 73010000 JNZ WaGan.0043A72B
0043A5B8  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043A5BB  |.  E8 10B5FEFF CALL WaGan.00425AD0       返回武将的是否可控制标记
0043A5C0  |.  25 FF000000 AND EAX,0FF
0043A5C5  |.  83F8 04    CMP EAX,4
0043A5C8  |.  0F84 B8000000 JE WaGan.0043A686    跳转
0043A5CE  |.  6A 04       PUSH 4                                     ; /Arg3 = 00000004
0043A5D0  |.  6A 00       PUSH 0                                     ; |Arg2 = 00000000
0043A5D2  |.  6A 00       PUSH 0                                     ; |Arg1 = 00000000
0043A5D4  |.  B9 68AB4A00 MOV ECX,WaGan.004AAB68                      ; |
0043A5D9  |.  E8 62540400 CALL WaGan.0047FA40                         ; \WaGan.0047FA40
0043A5DE  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
0043A5E1  |.  33C9       XOR ECX,ECX
0043A5E3  |.  8A0A       MOV CL,BYTE PTR DS:[EDX]
0043A5E5  |.  03C1       ADD EAX,ECX
0043A5E7  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
0043A5EA  |.  33C9       XOR ECX,ECX
0043A5EC  |.  8A4A 01    MOV CL,BYTE PTR DS:[EDX+1]
0043A5EF  |.  33D2       XOR EDX,EDX
0043A5F1  |.  8A15 2C424B00 MOV DL,BYTE PTR DS:[4B422C]
0043A5F7  |.  0FAFCA       IMUL ECX,EDX
0043A5FA  |.  33D2       XOR EDX,EDX
0043A5FC  |.  8A1408       MOV DL,BYTE PTR DS:[EAX+ECX]
0043A5FF  |.  81FA FF000000 CMP EDX,0FF
0043A605  |.  75 17       JNZ SHORT WaGan.0043A61E
0043A607  |.  8B45 EC    MOV EAX,DWORD PTR SS:[EBP-14]
0043A60A  |.  83C0 06    ADD EAX,6
0043A60D  |.  50          PUSH EAX                                  ; /Arg2
0043A60E  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]                ; |
0043A611  |.  51          PUSH ECX                                  ; |Arg1
0043A612  |.  E8 090E0000 CALL WaGan.0043B420       人物移动处理,比较两地址是否相同，是则是到达目的地，返回1
0043A617  |.  83C4 08    ADD ESP,8
0043A61A  |.  85C0       TEST EAX,EAX
0043A61C  |.  74 0F       JE SHORT WaGan.0043A62D
0043A61E  |>  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
0043A621  |.  52          PUSH EDX                                  ; /Arg1  坐标地址
0043A622  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]             ; |
0043A625  |.  E8 3BE3FFFF CALL WaGan.00438965                         ; \WaGan.00438965  对这个位置进行估算
0043A62A  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
0043A62D  |>  6A 04       PUSH 4                                     ; /Arg1 = 00000004
0043A62F  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]             ; |
0043A632  |.  E8 A9C0FCFF CALL WaGan.004066E0                         ; \WaGan.004066E0  判断武将是否禁咒
0043A637  |.  85C0       TEST EAX,EAX
0043A639  |.  75 0F       JNZ SHORT WaGan.0043A64A    禁咒跳转
0043A63B  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0043A63E  |.  50          PUSH EAX                                  ; /Arg1
0043A63F  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]             ; |
0043A642  |.  E8 95EBFFFF CALL WaGan.004391DC                         ; \WaGan.004391DC
0043A647  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
0043A64A  |>  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
0043A64D  |.  81E1 FF000000 AND ECX,0FF
0043A653  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
0043A656  |.  81E2 FF000000 AND EDX,0FF
0043A65C  |.  3BCA       CMP ECX,EDX
0043A65E  |.  7E 0D       JLE SHORT WaGan.0043A66D
0043A660  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
0043A663  |.  25 FF000000 AND EAX,0FF
0043A668  |.  8945 E8    MOV DWORD PTR SS:[EBP-18],EAX
0043A66B  |.  EB 0C       JMP SHORT WaGan.0043A679
0043A66D  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0043A670  |.  81E1 FF000000 AND ECX,0FF
0043A676  |.  894D E8    MOV DWORD PTR SS:[EBP-18],ECX
0043A679  |>  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0043A67C  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
0043A67E  |.  0245 E8    ADD AL,BYTE PTR SS:[EBP-18]
0043A681  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0043A684  |.  8801       MOV BYTE PTR DS:[ECX],AL
0043A686  |>  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
0043A689  |.  52          PUSH EDX                                  ; /Arg1
0043A68A  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]             ; |
0043A68D  |.  E8 2DFEFFFF CALL WaGan.0043A4BF                         ; \WaGan.0043A4BF
0043A692  |.  8945 F0    MOV DWORD PTR SS:[EBP-10],EAX
0043A695  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0043A698  |.  33C9       XOR ECX,ECX
0043A69A  |.  8A08       MOV CL,BYTE PTR DS:[EAX]
0043A69C  |.  BA FF000000 MOV EDX,0FF
0043A6A1  |.  2BD1       SUB EDX,ECX
0043A6A3  |.  3955 F0    CMP DWORD PTR SS:[EBP-10],EDX
0043A6A6  |.  7D 08       JGE SHORT WaGan.0043A6B0
0043A6A8  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
0043A6AB  |.  8945 E4    MOV DWORD PTR SS:[EBP-1C],EAX
0043A6AE  |.  EB 11       JMP SHORT WaGan.0043A6C1
0043A6B0  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0043A6B3  |.  33D2       XOR EDX,EDX
0043A6B5  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
0043A6B7  |.  B8 FF000000 MOV EAX,0FF
0043A6BC  |.  2BC2       SUB EAX,EDX
0043A6BE  |.  8945 E4    MOV DWORD PTR SS:[EBP-1C],EAX
0043A6C1  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0043A6C4  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
0043A6C6  |.  0255 E4    ADD DL,BYTE PTR SS:[EBP-1C]
0043A6C9  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0043A6CC  |.  8810       MOV BYTE PTR DS:[EAX],DL
0043A6CE  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0043A6D1  |.  83C1 06    ADD ECX,6
0043A6D4  |.  51          PUSH ECX                                  ; /Arg2
0043A6D5  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]                ; |
0043A6D8  |.  52          PUSH EDX                                  ; |Arg1
0043A6D9  |.  E8 420D0000 CALL WaGan.0043B420 人物移动处理,比较两地址是否相同，是则是到达目的地，返回1
0043A6DE  |.  83C4 08    ADD ESP,8
0043A6E1  |.  85C0       TEST EAX,EAX
0043A6E3  |.  74 46       JE SHORT WaGan.0043A72B    不是在目标位置
0043A6E5  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
0043A6E8  |.  25 FF000000 AND EAX,0FF
0043A6ED  |.  85C0       TEST EAX,EAX
0043A6EF  |.  75 3A       JNZ SHORT WaGan.0043A72B
0043A6F1  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0043A6F4  |.  33D2       XOR EDX,EDX
0043A6F6  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
0043A6F8  |.  B8 FF000000 MOV EAX,0FF
0043A6FD  |.  2BC2       SUB EAX,EDX
0043A6FF  |.  83F8 01    CMP EAX,1
0043A702  |.  7E 09       JLE SHORT WaGan.0043A70D
0043A704  |.  C745 E0 01000>MOV DWORD PTR SS:[EBP-20],1
0043A70B  |.  EB 11       JMP SHORT WaGan.0043A71E
0043A70D  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0043A710  |.  33D2       XOR EDX,EDX
0043A712  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
0043A714  |.  B8 FF000000 MOV EAX,0FF
0043A719  |.  2BC2       SUB EAX,EDX
0043A71B  |.  8945 E0    MOV DWORD PTR SS:[EBP-20],EAX
0043A71E  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0043A721  |.  8A11       MOV DL,BYTE PTR DS:[ECX]
0043A723  |.  0255 E0    ADD DL,BYTE PTR SS:[EBP-20]
0043A726  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0043A729  |.  8810       MOV BYTE PTR DS:[EAX],DL
0043A72B  |>  33C9       XOR ECX,ECX
0043A72D  |.  8A0D 382C4B00 MOV CL,BYTE PTR DS:[4B2C38]
0043A733  |.  81F9 FF000000 CMP ECX,0FF
0043A739  |.  74 1B       JE SHORT WaGan.0043A756
0043A73B  |.  68 382C4B00 PUSH WaGan.004B2C38                         ; /Arg2 = 004B2C38
0043A740  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]                ; |
0043A743  |.  52          PUSH EDX                                  ; |Arg1
0043A744  |.  E8 D70C0000 CALL WaGan.0043B420                         ; \WaGan.0043B420
0043A749  |.  83C4 08    ADD ESP,8
0043A74C  |.  85C0       TEST EAX,EAX
0043A74E  |.  74 06       JE SHORT WaGan.0043A756
0043A750  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0043A753  |.  C600 00    MOV BYTE PTR DS:[EAX],0
0043A756  |>  33C9       XOR ECX,ECX
0043A758  |.  8A0D 4C2C4B00 MOV CL,BYTE PTR DS:[4B2C4C]
0043A75E  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
0043A761  |.  33C0       XOR EAX,EAX
0043A763  |.  8A02       MOV AL,BYTE PTR DS:[EDX]
0043A765  |.  3BC8       CMP ECX,EAX
0043A767  |.  7D 5A       JGE SHORT WaGan.0043A7C3
0043A769  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0043A76C  |.  81E1 FF000000 AND ECX,0FF
0043A772  |.  8B55 F4    MOV EDX,DWORD PTR SS:[EBP-C]
0043A775  |.  81E2 FF000000 AND EDX,0FF
0043A77B  |.  3BCA       CMP ECX,EDX
0043A77D  |.  7E 18       JLE SHORT WaGan.0043A797
0043A77F  |.  A0 402C4B00 MOV AL,BYTE PTR DS:[4B2C40]
0043A784  |.  A2 442C4B00 MOV BYTE PTR DS:[4B2C44],AL
0043A789  |.  8A0D 2C2C4B00 MOV CL,BYTE PTR DS:[4B2C2C]
0043A78F  |.  880D 282C4B00 MOV BYTE PTR DS:[4B2C28],CL
0043A795  |.  EB 13       JMP SHORT WaGan.0043A7AA
0043A797  |>  C605 442C4B00>MOV BYTE PTR DS:[4B2C44],0FF
0043A79E  |.  8A15 302C4B00 MOV DL,BYTE PTR DS:[4B2C30]
0043A7A4  |.  8815 282C4B00 MOV BYTE PTR DS:[4B2C28],DL
0043A7AA  |>  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0043A7AD  |.  8A08       MOV CL,BYTE PTR DS:[EAX]
0043A7AF  |.  880D 4C2C4B00 MOV BYTE PTR DS:[4B2C4C],CL
0043A7B5  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
0043A7B8  |.  52          PUSH EDX                                  ; /Arg1
0043A7B9  |.  B9 202C4B00 MOV ECX,WaGan.004B2C20                      ; |
0043A7BE  |.  E8 DDBDFCFF CALL WaGan.004065A0                         ; \WaGan.004065A0
0043A7C3  |>  8BE5       MOV ESP,EBP
0043A7C5  |.  5D          POP EBP
0043A7C6  \.  C2 0400    RETN 4
EBP+8    AI武将的坐标位置
ECX    AI武将的战场内存地址
EBP-8    AI武将的攻击范围
EBP-14    AI武将的战场内存地址
00438965  /$  55          PUSH EBP
00438966  |.  8BEC       MOV EBP,ESP
00438968  |.  83EC 14    SUB ESP,14
0043896B  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX
0043896E  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
00438971  |.  E8 486F0000 CALL WaGan.0043F8BE          获取武将的攻击范围
00438976  |.  8845 F8    MOV BYTE PTR SS:[EBP-8],AL
00438979  |.  C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
0043897D  |.  C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
00438981  |.  C605 302C4B00>MOV BYTE PTR DS:[4B2C30],0FF
00438988  |.  6A 00       PUSH 0                               ; /Arg4 = 00000000
0043898A  |.  68 80000000 PUSH 80                               ; |Arg3 = 00000080
0043898F  |.  8A45 F8    MOV AL,BYTE PTR SS:[EBP-8]             ; |
00438992  |.  50          PUSH EAX                               ; |Arg2          攻击范围
00438993  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00438996  |.  51          PUSH ECX                               ; |Arg1
00438997  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
0043899A  |.  E8 E7DBFFFF CALL WaGan.00436586                   ; \WaGan.00436586
0043899F  |.  25 FF000000 AND EAX,0FF
004389A4  |.  3D FF000000 CMP EAX,0FF
004389A9  |.  74 6C       JE SHORT WaGan.00438A17
004389AB  |.  C745 F0 48C74> MOV DWORD PTR SS:[EBP-10],4AC748
004389B2  |.  EB 09       JMP SHORT WaGan.004389BD
004389B4  |>  8B55 F0    /MOV EDX,DWORD PTR SS:[EBP-10]          AI针对全体相反部队的伤害做估算排序
004389B7  |.  83C2 01    |ADD EDX,1
004389BA  |.  8955 F0    |MOV DWORD PTR SS:[EBP-10],EDX
004389BD  |>  8B45 F0       MOV EAX,DWORD PTR SS:[EBP-10]
004389C0  |.  33C9       |XOR ECX,ECX
004389C2  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]
004389C4  |.  81F9 FF000000 |CMP ECX,0FF
004389CA  |.  74 4B       |JE SHORT WaGan.00438A17    退出循环
004389CC  |.  8B55 F0    |MOV EDX,DWORD PTR SS:[EBP-10]
004389CF  |.  33C0       |XOR EAX,EAX
004389D1  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]
004389D3  |.  83F8 73    |CMP EAX,73
004389D6  |.  7D 3F       |JGE SHORT WaGan.00438A17    大于115，退出循环
004389D8  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
004389DB  |.  66:8B11    |MOV DX,WORD PTR DS:[ECX]
004389DE  |.  52          |PUSH EDX                            ; /Arg2
004389DF  |.  8B45 F0    |MOV EAX,DWORD PTR SS:[EBP-10]       ; |
004389E2  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
004389E4  |.  51          |PUSH ECX                            ; |Arg1    准备攻击人的战场形象编号
004389E5  |.  8B4D EC    |MOV ECX,DWORD PTR SS:[EBP-14]       ; |
004389E8  |.  E8 33000000 |CALL WaGan.00438A20                   ; \WaGan.00438A20 AI估算函数
004389ED  |.  8845 FC    |MOV BYTE PTR SS:[EBP-4],AL
004389F0  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
004389F3  |.  81E2 FF000000 |AND EDX,0FF
004389F9  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
004389FC  |.  25 FF000000 |AND EAX,0FF
00438A01  |.  3BD0       |CMP EDX,EAX
00438A03  |.  7D 10       |JGE SHORT WaGan.00438A15
00438A05  |.  8A4D FC    |MOV CL,BYTE PTR SS:[EBP-4]
00438A08  |.  884D F4    |MOV BYTE PTR SS:[EBP-C],CL
00438A0B  |.  8B55 F0    |MOV EDX,DWORD PTR SS:[EBP-10]
00438A0E  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]
00438A10  |.  A2 302C4B00 |MOV BYTE PTR DS:[4B2C30],AL
00438A15  |>^ EB 9D       \JMP SHORT WaGan.004389B4
00438A17  |>  8A45 F4    MOV AL,BYTE PTR SS:[EBP-C]    最终的估算值
00438A1A  |.  8BE5       MOV ESP,EBP
00438A1C  |.  5D          POP EBP
00438A1D  \.  C2 0400    RETN 4

传入参数：
EBP+C  坐标位置
EBP+8  AI准备攻击武将战场形象编号
ECX AI控制武将的战场内存地址
局部变量
EBP-98  保存ECX值，应该是AI武将的战场内存地址
EBP-94  AI准备攻击武将攻击范围
EBP-90  AI准备攻击武将坐标位置
EBP-4 AI武将的攻击效果
EBP-8 AI准备攻击人物Data序号
EBP-C 一个权值，初始为0，当估算能击退掉目标武将是，为0x50,
0x10是伤害估算*10《被攻击者的士气+全身道具效果值  或  当前武将体力 * 100 /  被攻击者的士气+全身道具效果值 <=40
0x0a  控制标记为1
0x02  控制标记不为1
EBP-10  AI准备攻击人物的Data内存地址
EBP-14  AI估算的伤害值
AI函数：
00438A20  /$  55          PUSH EBP
00438A21  |.  8BEC       MOV EBP,ESP
00438A23  |.  81EC 98000000 SUB ESP,98
00438A29  |.  56          PUSH ESI
00438A2A  |.  898D 68FFFFFF MOV DWORD PTR SS:[EBP-98],ECX
00438A30  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00438A33  |.  81E1 FF000000 AND ECX,0FF
00438A39  |.  6BC9 24    IMUL ECX,ECX,24
00438A3C  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438A42  |.  E8 296C0200 CALL WaGan.0045F670       获取AI准备攻击武将ecx的data编号
00438A47  |.  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
00438A4A  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
00438A51  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
00438A54  |.  25 FF000000 AND EAX,0FF
00438A59  |.  3D FF000000 CMP EAX,0FF
00438A5E  |.  0F84 17010000 JE WaGan.00438B7B          战场形象编号等于FF,没有人，跳转
00438A64  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00438A67  |.  81E1 FF000000 AND ECX,0FF
00438A6D  |.  83F9 73    CMP ECX,73
00438A70  |.  0F8D 05010000 JGE WaGan.00438B7B          >=73,这个战场人物不存在，跳转
00438A76  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00438A79  |.  81E1 FF000000 AND ECX,0FF
00438A7F  |.  6BC9 24    IMUL ECX,ECX,24
00438A82  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438A88  |.  E8 83DCFCFF CALL WaGan.00406710 判断武将ecx（战场内存地址）的战场编号是否大于23，返回1表示是非敌军，返回0表示敌人
00438A8D  |.  8BF0       MOV ESI,EAX
00438A8F  |.  8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]
00438A95  |.  E8 76DCFCFF CALL WaGan.00406710判断武将ecx（战场内存地址）的战场编号是否大于23，返回1表示是非敌军，返回0表示敌人
00438A9A  |.  3BF0       CMP ESI,EAX    比较攻击方和被攻击方是否属于同一方
00438A9C  |.  0F84 D9000000 JE WaGan.00438B7B       属于同一方，跳转
00438AA2  |.  8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
00438AA5  |.  6BD2 48    IMUL EDX,EDX,48
00438AA8  |.  81C2 0000D600 ADD EDX,0D60000
00438AAE  |.  8955 F0    MOV DWORD PTR SS:[EBP-10],EDX
00438AB1  |.  6A 00       PUSH 0
00438AB3  |.  6A 00       PUSH 0
00438AB5  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10] AI准备攻击人物的Data内存地址
00438AB8  |.  50          PUSH EAX
00438AB9  |.  8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98] AI武将的战场内存地址
00438ABF  |.  E8 87310000 CALL WaGan.0043BC4B                      估算伤害值
00438AC4  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX
00438AC7  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00438ACA  |.  81E1 FF000000 AND ECX,0FF
00438AD0  |.  6BC9 24    IMUL ECX,ECX,24
00438AD3  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438AD9  |.  E8 B2A10300 CALL WaGan.00472C90       返回AI准备攻击武将ecx的当前体力
00438ADE  |.  3945 EC    CMP DWORD PTR SS:[EBP-14],EAX    准备攻击武将当前HPCur值和估算伤害的比较
00438AE1  |.  72 0C       JB SHORT WaGan.00438AEF    估计伤害值小于当前武将HPCur，跳转
00438AE3  |.  C745 F4 50000>MOV DWORD PTR SS:[EBP-C],50
00438AEA  |.  E9 8C000000 JMP WaGan.00438B7B             变量赋值为0x50，一个标记
00438AEF  |>  8B75 EC    MOV ESI,DWORD PTR SS:[EBP-14]
00438AF2  |.  6BF6 0A    IMUL ESI,ESI,0A                      把伤害值*10
00438AF5  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
00438AF8  |.  E8 1EE7FCFF CALL WaGan.0040721B       这个返回值是被攻击人的士气+全身道具效果值和
00438AFD  |.  8BC8       MOV ECX,EAX
00438AFF  |.  8BC6       MOV EAX,ESI
00438B01  |.  33D2       XOR EDX,EDX
00438B03  |.  F7F1       DIV ECX             伤害估算*10 / 被攻击人的士气+全身道具效果值和
00438B05  |.  83F8 01    CMP EAX,1             比较两个的大小
00438B08  |.  72 09       JB SHORT WaGan.00438B13
00438B0A  |.  C745 F4 10000>MOV DWORD PTR SS:[EBP-C],10
00438B11  |.  EB 68       JMP SHORT WaGan.00438B7B
00438B13  |>  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00438B16  |.  81E1 FF000000 AND ECX,0FF
00438B1C  |.  6BC9 24    IMUL ECX,ECX,24
00438B1F  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438B25  |.  E8 66A10300 CALL WaGan.00472C90          返回AI准备攻击武将ecx的当前体力
00438B2A  |.  8BF0       MOV ESI,EAX
00438B2C  |.  6BF6 64    IMUL ESI,ESI,64                把武将当前体力*0x64
00438B2F  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
00438B32  |.  6BC9 48    IMUL ECX,ECX,48
00438B35  |.  81C1 0000D600 ADD ECX,0D60000
00438B3B  |.  E8 DBE6FCFF CALL WaGan.0040721B    这个返回值是被攻击人的士气+全身道具效果值和
00438B40  |.  8BC8       MOV ECX,EAX
00438B42  |.  8BC6       MOV EAX,ESI
00438B44  |.  33D2       XOR EDX,EDX
00438B46  |.  F7F1       DIV ECX                      把武将当前体力*100 除以被攻击人的士气+全身道具效果值和
00438B48  |.  83F8 28    CMP EAX,28
00438B4B  |.  77 09       JA SHORT WaGan.00438B56             大于40则跳转
00438B4D  |.  C745 F4 10000>MOV DWORD PTR SS:[EBP-C],10
00438B54  |.  EB 25       JMP SHORT WaGan.00438B7B
00438B56  |>  8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]
00438B5C  |.  E8 6FCFFEFF CALL WaGan.00425AD0       是否能被玩家直接控制,07表示可控
00438B61  |.  25 FF000000 AND EAX,0FF
00438B66  |.  83F8 01    CMP EAX,1
00438B69  |.  75 09       JNZ SHORT WaGan.00438B74
00438B6B  |.  C745 F4 0A000>MOV DWORD PTR SS:[EBP-C],0A
00438B72  |.  EB 07       JMP SHORT WaGan.00438B7B
00438B74  |>  C745 F4 02000>MOV DWORD PTR SS:[EBP-C],2

00438B7B  |>  6A 08       PUSH 8                               ; /Arg1 = 00000008
00438B7D  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00438B80  |.  81E1 FF000000 AND ECX,0FF                            ; |
00438B86  |.  6BC9 24    IMUL ECX,ECX,24                      ; |
00438B89  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50                ; |
00438B8F  |.  E8 4CDBFCFF CALL WaGan.004066E0                   ; \WaGan.004066E0    判断被攻击武将是否混乱
00438B94  |.  85C0       TEST EAX,EAX
00438B96  |.  74 09       JE SHORT WaGan.00438BA1
00438B98  |.  8B55 F4    MOV EDX,DWORD PTR SS:[EBP-C]
00438B9B  |.  83C2 08    ADD EDX,8                         混乱的话，权值+8
00438B9E  |.  8955 F4    MOV DWORD PTR SS:[EBP-C],EDX
00438BA1  |>  837D F4 00 CMP DWORD PTR SS:[EBP-C],0
00438BA5  |.  76 51       JBE SHORT WaGan.00438BF8          小于等于0，即实际位置上没有人
00438BA7  |.  817D F8 00040>CMP DWORD PTR SS:[EBP-8],400
00438BAE  |.  73 48       JNB SHORT WaGan.00438BF8       被攻击武将Data大于0x400(1024)，无人
00438BB0  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00438BB3  |.  81E1 FF000000 AND ECX,0FF
00438BB9  |.  6BC9 24    IMUL ECX,ECX,24
00438BBC  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438BC2  |.  E8 A96A0200 CALL WaGan.0045F670          获取武将ecx的data编号
00438BC7  |.  8BF0       MOV ESI,EAX
00438BC9  |.  B9 902F4900 MOV ECX,WaGan.00492F90
00438BCE  |.  E8 5DDAFCFF CALL WaGan.00406630       判断是否是敌主将
00438BD3  |.  3BF0       CMP ESI,EAX
00438BD5  |.  74 0D       JE SHORT WaGan.00438BE4    和被攻击的人相等
00438BD7  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
00438BDA  |.  25 FF000000 AND EAX,0FF
00438BDF  |.  83F8 23    CMP EAX,23             比较是否等于23 （第一个敌军的战场编号）
00438BE2  |.  75 0B       JNZ SHORT WaGan.00438BEF
00438BE4  |>  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
00438BE7  |.  83C1 08    ADD ECX,8                                  应该是表示主将，这个权值+8
00438BEA  |.  894D F4    MOV DWORD PTR SS:[EBP-C],ECX
00438BED  |.  EB 09       JMP SHORT WaGan.00438BF8
00438BEF  |>  8B55 F4    MOV EDX,DWORD PTR SS:[EBP-C]
00438BF2  |.  83C2 04    ADD EDX,4
00438BF5  |.  8955 F4    MOV DWORD PTR SS:[EBP-C],EDX             非主将，权值+4
00438BF8  |>  837D F4 4B CMP DWORD PTR SS:[EBP-C],4B
00438BFC  |.  73 16       JNB SHORT WaGan.00438C14                   权值大于75的跳转
00438BFE  |.  8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]
00438C04  |.  E8 E4730000 CALL WaGan.0043FFED       判断下当前AI武将是文官还是武将
00438C09  |.  85C0       TEST EAX,EAX
00438C0B  |.  74 07       JE SHORT WaGan.00438C14             非文官跳转
00438C0D  |.  33C0       XOR EAX,EAX
00438C0F  |.  E9 7B010000 JMP WaGan.00438D8F                结束
00438C14  |>  8B85 68FFFFFF MOV EAX,DWORD PTR SS:[EBP-98]
00438C1A  |.  8B08       MOV ECX,DWORD PTR DS:[EAX]
00438C1C  |.  6BC9 48    IMUL ECX,ECX,48
00438C1F  |.  81C1 0000D600 ADD ECX,0D60000
00438C25  |.  E8 EEEBFCFF CALL WaGan.00407818
判断攻击人的攻击效果（重炮和霹雳车返回1,老虎返回4，其他的根据实际穿透值，普通的返回0）
00407818  /$  55          PUSH EBP
00407819  |.  8BEC       MOV EBP,ESP
0040781B  |.  83EC 0C    SUB ESP,0C
0040781E  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX
00407821  |.  C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
00407825  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
00407828  |.  E8 E3EDFFFF CALL Ekd5英杰.00406610       获取兵种
0040782D  |.  8845 F4    MOV BYTE PTR SS:[EBP-C],AL
00407830  |.  807D F4 10 CMP BYTE PTR SS:[EBP-C],10
00407834  |.  72 1A       JB SHORT Ekd5英杰.00407850 重炮车以前
00407836  |.  807D F4 11 CMP BYTE PTR SS:[EBP-C],11
0040783A  |.  76 08       JBE SHORT Ekd5英杰.00407844 重炮和霹雳车
0040783C  |.  807D F4 2B CMP BYTE PTR SS:[EBP-C],2B
00407840  |.  74 08       JE SHORT Ekd5英杰.0040784A 等于老虎跳转
00407842  |.  EB 0C       JMP SHORT Ekd5英杰.00407850
00407844  |>  C645 FC 01 MOV BYTE PTR SS:[EBP-4],1
00407848  |.  EB 21       JMP SHORT Ekd5英杰.0040786B
0040784A  |>  C645 FC 04 MOV BYTE PTR SS:[EBP-4],4
0040784E  |.  EB 1B       JMP SHORT Ekd5英杰.0040786B
00407850  |>  6A 2B       PUSH 2B                            传透攻击
00407852  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
00407855  |.  E8 AF010000 CALL Ekd5英杰.00407A09
0040785A  |.  85C0       TEST EAX,EAX
0040785C  |.  74 0D       JE SHORT Ekd5英杰.0040786B
0040785E  |.  6A 2B       PUSH 2B
00407860  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
00407863  |.  E8 8A020000 CALL Ekd5英杰.00407AF2
01十字，02九宫，03大没羽箭，04蛇矛，05长蛇矛(穿六个)，06大大没羽箭，其余为正常攻击       ; 00407868  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
0040786B  |>  8A45 FC    MOV AL,BYTE PTR SS:[EBP-4]
0040786E  |.  8BE5       MOV ESP,EBP
00407870  |.  5D          POP EBP
00407871  \.  C3          RETN
00438C2A  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
00438C2D  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00438C30  |.  81E1 FF000000 AND ECX,0FF
00438C36  |.  81F9 FF000000 CMP ECX,0FF
00438C3C  |.  74 6C       JE SHORT WaGan.00438CAA          攻击效果等于0FF
00438C3E  |.  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
00438C41  |.  81E2 FF000000 AND EDX,0FF
00438C47  |.  85D2       TEST EDX,EDX
00438C49  |.  74 5F       JE SHORT WaGan.00438CAA          攻击效果等于0
00438C4B  |.  8D85 78FFFFFF LEA EAX,DWORD PTR SS:[EBP-88]
00438C51  |.  8985 74FFFFFF MOV DWORD PTR SS:[EBP-8C],EAX
00438C57  |.  68 FF000000 PUSH 0FF                               ; /Arg6 = 000000FF
00438C5C  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
00438C61  |.  8D8D 78FFFFFF LEA ECX,DWORD PTR SS:[EBP-88]          ; |
00438C67  |.  51          PUSH ECX                               ; |Arg4
00438C68  |.  8A55 FC    MOV DL,BYTE PTR SS:[EBP-4]             ; |
00438C6B  |.  52          PUSH EDX                               ; |Arg3             攻击效果值
00438C6C  |.  6A 01       PUSH 1                               ; |Arg2 = 00000001
00438C6E  |.  8A45 08    MOV AL,BYTE PTR SS:[EBP+8]             ; |
00438C71  |.  50          PUSH EAX                               ; |Arg1             被攻击武将战场形象编号
00438C72  |.  8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]          ; |
00438C78  |.  E8 30CEFFFF CALL WaGan.00435AAD                   ; \WaGan.00435AAD
(返回的是一串地址，里面存放着本次攻击每个人的战场形象编号串，以FF结束)

00435AAD  /$  55          PUSH EBP
00435AAE  |.  8BEC       MOV EBP,ESP
00435AB0  |.  83EC 08    SUB ESP,8
00435AB3  |.  894D F8    MOV DWORD PTR SS:[EBP-8],ECX AI武将的战场内存地址
00435AB6  |.  8B45 14    MOV EAX,DWORD PTR SS:[EBP+14]  一个内存地址值
00435AB9  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
00435ABC  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C] 攻击效果值
00435ABF  |.  81E1 FF000000 AND ECX,0FF
00435AC5  |.  85C9       TEST ECX,ECX
00435AC7  |.  75 19       JNZ SHORT WaGan.00435AE2  非0，有攻击效果跳转
00435AC9  |.  8B55 14    MOV EDX,DWORD PTR SS:[EBP+14] 一个内存地址值
00435ACC  |.  8A45 08    MOV AL,BYTE PTR SS:[EBP+8] 被攻击武将战场形象编号
00435ACF  |.  8802       MOV BYTE PTR DS:[EDX],AL
00435AD1  |.  8B4D 14    MOV ECX,DWORD PTR SS:[EBP+14]
00435AD4  |.  83C1 01    ADD ECX,1
00435AD7  |.  894D 14    MOV DWORD PTR SS:[EBP+14],ECX
00435ADA  |.  8B55 14    MOV EDX,DWORD PTR SS:[EBP+14]
00435ADD  |.  C602 FF    MOV BYTE PTR DS:[EDX],0FF
00435AE0  |.  EB 53       JMP SHORT WaGan.00435B35
00435AE2  |>  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]
00435AE5  |.  25 FF000000 AND EAX,0FF
00435AEA  |.  83F8 01    CMP EAX,1
00435AED  |.  75 23       JNZ SHORT WaGan.00435B12 不等于1跳转(非十字攻击)
00435AEF  |.  8A4D 1C    MOV CL,BYTE PTR SS:[EBP+1C]
00435AF2  |.  51          PUSH ECX                               ; /Arg6 =FF
00435AF3  |.  8A55 18    MOV DL,BYTE PTR SS:[EBP+18]             ; |
00435AF6  |.  52          PUSH EDX                               ; |Arg5 =FF
00435AF7  |.  6A 00       PUSH 0                                  ; |Arg4 = 00000000
00435AF9  |.  8B45 14    MOV EAX,DWORD PTR SS:[EBP+14]          ; |
00435AFC  |.  50          PUSH EAX                               ; |Arg3 内存地址
00435AFD  |.  8A4D 10    MOV CL,BYTE PTR SS:[EBP+10]             ; |
00435B00  |.  51          PUSH ECX                               ; |Arg2  攻击效果
00435B01  |.  8A55 08    MOV DL,BYTE PTR SS:[EBP+8]             ; |
00435B04  |.  52          PUSH EDX                               ; |Arg1 被攻击武将战场形象编号
00435B05  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
00435B08  |.  E8 210A0000 CALL WaGan.0043652E       ; \求非十字攻击的可攻击战场形象编号串
00435B0D  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
00435B10  |.  EB 23       JMP SHORT WaGan.00435B35
00435B12  |>  68 FF000000 PUSH 0FF                               ; /Arg6 = 000000FF
00435B17  |.  68 FF000000 PUSH 0FF                               ; |Arg5 = 000000FF
00435B1C  |.  6A 01       PUSH 1                                  ; |Arg4 = 00000001
00435B1E  |.  8B45 14    MOV EAX,DWORD PTR SS:[EBP+14]          ; |
00435B21  |.  50          PUSH EAX                               ; |Arg3内存地址
00435B22  |.  8A4D 10    MOV CL,BYTE PTR SS:[EBP+10]             ; |
00435B25  |.  51          PUSH ECX                               ; |Arg2 攻击效果
00435B26  |.  8A55 08    MOV DL,BYTE PTR SS:[EBP+8]             ; |
00435B29  |.  52          PUSH EDX                               ; |Arg1被攻击武将战场形象编号
00435B2A  |.  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]          ; |
00435B2D  |.  E8 FC090000 CALL WaGan.0043652E ; \求十字攻击的可攻击战场形象编号串
00435B32  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
00435B35  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00435B38  |.  8BE5       MOV ESP,EBP
00435B3A  |.  5D          POP EBP
00435B3B  \.  C2 1800    RETN 18

00438C7D  |.  8985 74FFFFFF MOV DWORD PTR SS:[EBP-8C],EAX
00438C83  |.  68 FF000000 PUSH 0FF                               ; /Arg5 = 000000FF
00438C88  |.  8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]          ; |
00438C8E  |.  8A51 04    MOV DL,BYTE PTR DS:[ECX+4]             ; |
00438C91  |.  52          PUSH EDX                               ; |Arg4          AI武将的战场形象编号
00438C92  |.  6A 00       PUSH 0                               ; |Arg3 = 00000000
00438C94  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00438C97  |.  50          PUSH EAX                               ; |Arg2          评估权值
00438C98  |.  8B8D 74FFFFFF MOV ECX,DWORD PTR SS:[EBP-8C]          ; |
00438C9E  |.  51          PUSH ECX                               ; |Arg1          攻击波及效果的战场编号数组
00438C9F  |.  E8 F2000000 CALL WaGan.00438D96                   ; \WaGan.00438D96
00438CA4  |.  83C4 14    ADD ESP,14
00438CA7  |.  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX          最后返回估算值
00438CAA  |>  837D F4 00 CMP DWORD PTR SS:[EBP-C],0
00438CAE  |.  0F86 D8000000 JBE WaGan.00438D8C          攻击标记为0，结束。返回0
00438CB4  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00438CB7  |.  81E1 FF000000 AND ECX,0FF
00438CBD  |.  6BC9 24    IMUL ECX,ECX,24
00438CC0  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438CC6  |.  E8 95A6FCFF CALL WaGan.00403360          获取被攻击武将的坐标位置(纵横)
00438CCB  |.  66:8B10    MOV DX,WORD PTR DS:[EAX]
00438CCE  |.  66:8995 70FFF>MOV WORD PTR SS:[EBP-90],DX
00438CD5  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00438CD8  |.  81E1 FF000000 AND ECX,0FF
00438CDE  |.  6BC9 24    IMUL ECX,ECX,24
00438CE1  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50
00438CE7  |.  E8 D26B0000 CALL WaGan.0043F8BE       获取被攻击武将的攻击范围(宝物覆盖兵种)
00438CEC  |.  8885 6CFFFFFF MOV BYTE PTR SS:[EBP-94],AL
00438CF2  |.  6A 00       PUSH 0                               ; /Arg3 = 00000000
00438CF4  |.  68 40060000 PUSH 640                               ; |Arg2 = 00000640
00438CF9  |.  6A 04       PUSH 4                               ; |/Arg3 = 00000004
00438CFB  |.  6A 00       PUSH 0                               ; ||Arg2 = 00000000
00438CFD  |.  68 800C0000 PUSH 0C80                            ; ||Arg1 = 00000C80
00438D02  |.  B9 68AB4A00 MOV ECX,WaGan.004AAB68                ; ||
00438D07  |.  E8 346D0400 CALL WaGan.0047FA40                   ; |\WaGan.0047FA40
00438D0C  |.  50          PUSH EAX                               ; |Arg1
00438D0D  |.  E8 01700400 CALL WaGan.0047FD13                   ; \WaGan.0047FD13
00438D12  |.  83C4 0C    ADD ESP,0C

00438D15  |.  6A 01       PUSH 1                               ; /Arg4 = 00000001
00438D17  |.  68 80000000 PUSH 80                               ; |Arg3 = 00000080
00438D1C  |.  8A85 6CFFFFFF MOV AL,BYTE PTR SS:[EBP-94]          ; |
00438D22  |.  50          PUSH EAX                               ; |Arg2 AI准备攻击武将攻击范围
00438D23  |.  8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]          ; |
00438D29  |.  51          PUSH ECX                               ; |Arg1 AI准备攻击武将坐标位置
00438D2A  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00438D2D  |.  81E1 FF000000 AND ECX,0FF                            ; |
00438D33  |.  6BC9 24    IMUL ECX,ECX,24                      ; |
00438D36  |.  81C1 502C4B00 ADD ECX,WaGan.004B2C50                ; |             被攻击武将战场内存地址
00438D3C  |.  E8 45D8FFFF CALL WaGan.00436586                   ; \WaGan.00436586
00438D41  |.  6A 04       PUSH 4                               ; /Arg3 = 00000004
00438D43  |.  6A 00       PUSH 0                               ; |Arg2 = 00000000
00438D45  |.  68 800C0000 PUSH 0C80                            ; |Arg1 = 00000C80
00438D4A  |.  B9 68AB4A00 MOV ECX,WaGan.004AAB68                ; |
00438D4F  |.  E8 EC6C0400 CALL WaGan.0047FA40                   ; \WaGan.0047FA40    ？（求出地图信息的内存起始地址）
00438D54  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]       目标位置横坐标
00438D57  |.  81E2 FF000000 AND EDX,0FF
00438D5D  |.  03C2       ADD EAX,EDX
00438D5F  |.  8B4D 0D    MOV ECX,DWORD PTR SS:[EBP+D]       目标位置纵坐标
00438D62  |.  81E1 FF000000 AND ECX,0FF
00438D68  |.  33D2       XOR EDX,EDX
00438D6A  |.  8A15 2C424B00 MOV DL,BYTE PTR DS:[4B422C]    最大横坐标
00438D70  |.  0FAFCA       IMUL ECX,EDX             纵坐标*最大横坐标
00438D73  |.  33D2       XOR EDX,EDX
00438D75  |.  8A1408       MOV DL,BYTE PTR DS:[EAX+ECX]       内存坐标起始地址+ 横坐标+纵坐标*最大横坐标
00438D78  |.  83FA 01    CMP EDX,1
00438D7B  |.  75 0F       JNZ SHORT WaGan.00438D8C       其中的值不等于1
00438D7D  |.  837D F4 01 CMP DWORD PTR SS:[EBP-C],1
00438D81  |.  76 09       JBE SHORT WaGan.00438D8C          估算值小于等于1跳转
00438D83  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
00438D86  |.  83E8 01    SUB EAX,1
00438D89  |.  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
00438D8C  |>  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
00438D8F  |>  5E          POP ESI
00438D90  |.  8BE5       MOV ESP,EBP
00438D92  |.  5D          POP EBP
00438D93  \.  C2 0800    RETN 8

00438C83  |.  68 FF000000 PUSH 0FF                               ; /Arg5 = 000000FF
00438C88  |.  8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]          ; |
00438C8E  |.  8A51 04    MOV DL,BYTE PTR DS:[ECX+4]             ; |
00438C91  |.  52          PUSH EDX                               ; |Arg4          AI武将的战场形象编号 +14
00438C92  |.  6A 00       PUSH 0                               ; |Arg3 = 00000000 +10
00438C94  |.  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]          ; |
00438C97  |.  50          PUSH EAX                               ; |Arg2          评估权值 +0C
00438C98  |.  8B8D 74FFFFFF MOV ECX,DWORD PTR SS:[EBP-8C]          ; |
00438C9E  |.  51          PUSH ECX                               ; |Arg1       攻击波及效果的战场编号数组 +08
00438C9F  |.  E8 F2000000 CALL WaGan.00438D96                   ; \WaGan.00438D96

00438D96  /$  55          PUSH EBP
00438D97  |.  8BEC       MOV EBP,ESP
00438D99  |.  83EC 14    SUB ESP,14
00438D9C  |.  56          PUSH ESI
00438D9D  |.  C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00438DA4  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
00438DAB  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00438DB2  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
00438DB5  |.  33C9       XOR ECX,ECX
00438DB7  |.  8A08       MOV CL,BYTE PTR DS:[EAX]
00438DB9  |.  81F9 FF000000 CMP ECX,0FF
00438DBF  |.  75 1D       JNZ SHORT WaGan.00438DDE
00438DC1  |.  837D 0C 04 CMP DWORD PTR SS:[EBP+C],4                            这个都是数组内容比较结束后的处理
00438DC5  |.  7E 0B       JLE SHORT WaGan.00438DD2    评估值小于等于4
00438DC7  |.  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]
00438DCA  |.  83EA 04    SUB EDX,4
00438DCD  |.  8955 0C    MOV DWORD PTR SS:[EBP+C],EDX
00438DD0  |.  EB 07       JMP SHORT WaGan.00438DD9
00438DD2  |>  C745 0C 00000>MOV DWORD PTR SS:[EBP+C],0
00438DD9  |>  E9 CF020000 JMP WaGan.004390AD
00438DDE  |>  8B45 08    /MOV EAX,DWORD PTR SS:[EBP+8]
00438DE1  |.  33C9       |XOR ECX,ECX
00438DE3  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]
00438DE5  |.  81F9 FF000000 |CMP ECX,0FF
00438DEB  |.  0F84 BC020000 |JE WaGan.004390AD          结束循环
00438DF1  |.  8B55 10    |MOV EDX,DWORD PTR SS:[EBP+10]
00438DF4  |.  81E2 FF000000 |AND EDX,0FF
00438DFA  |.  8955 F0    |MOV DWORD PTR SS:[EBP-10],EDX
00438DFD  |.  837D F0 05 |CMP DWORD PTR SS:[EBP-10],5
00438E01  |.  0F87 98020000 |JA WaGan.0043909F                   大于 5结束
00438E07  |.  8B45 F0    |MOV EAX,DWORD PTR SS:[EBP-10]
00438E0A  |.  FF2485 D79043>|JMP DWORD PTR DS:[EAX*4+4390D7]
004390D7 .  118E4300    DD WaGan.00438E11
004390DB .  108F4300    DD WaGan.00438F10
004390DF .  868F4300    DD WaGan.00438F86
004390E3 .  CF8F4300    DD WaGan.00438FCF
004390E7 .  18904300    DD WaGan.00439018
004390EB .  5C904300    DD WaGan.0043905C

00438E11  |>  8B4D 18    |MOV ECX,DWORD PTR SS:[EBP+18]
00438E14  |.  81E1 FF000000 |AND ECX,0FF
00438E1A  |.  81F9 FF000000 |CMP ECX,0FF
00438E20  |.  74 5A       |JE SHORT WaGan.00438E7C
00438E22  |.  8A55 18    |MOV DL,BYTE PTR SS:[EBP+18]
00438E25  |.  52          |PUSH EDX                               ; /Arg3
00438E26  |.  8B45 08    |MOV EAX,DWORD PTR SS:[EBP+8]          ; |
00438E29  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
00438E2B  |.  51          |PUSH ECX                               ; |Arg2
00438E2C  |.  8A55 14    |MOV DL,BYTE PTR SS:[EBP+14]          ; |
00438E2F  |.  52          |PUSH EDX                               ; |Arg1
00438E30  |.  E8 BA020000 |CALL WaGan.004390EF                   ; \WaGan.004390EF
00438E35  |.  83C4 0C    |ADD ESP,0C
00438E38  |.  85C0       |TEST EAX,EAX
00438E3A  |.  74 3B       |JE SHORT WaGan.00438E77
00438E3C  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00438E3F  |.  83C0 03    |ADD EAX,3
00438E42  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
00438E45  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
00438E48  |.  33D2       |XOR EDX,EDX
00438E4A  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
00438E4C  |.  8BF2       |MOV ESI,EDX
00438E4E  |.  8B4D 14    |MOV ECX,DWORD PTR SS:[EBP+14]
00438E51  |.  81E1 FF000000 |AND ECX,0FF
00438E57  |.  6BC9 24    |IMUL ECX,ECX,24
00438E5A  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438E60  |.  E8 AB34FEFF |CALL WaGan.0041C310
00438E65  |.  25 FF000000 |AND EAX,0FF
00438E6A  |.  3BF0       |CMP ESI,EAX
00438E6C  |.  75 09       |JNZ SHORT WaGan.00438E77
00438E6E  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00438E71  |.  83C0 03    |ADD EAX,3
00438E74  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
00438E77  |>  E9 8F000000 |JMP WaGan.00438F0B

00438E7C  |>  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
00438E7F  |.  33D2       |XOR EDX,EDX
00438E81  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
00438E83  |.  8BCA       |MOV ECX,EDX
00438E85  |.  6BC9 24    |IMUL ECX,ECX,24
00438E88  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438E8E  |.  E8 DD670200 |CALL WaGan.0045F670    获取武将ecx的data编号
00438E93  |.  6BC0 48    |IMUL EAX,EAX,48
00438E96  |.  05 0000D600 |ADD EAX,0D60000
00438E9B  |.  8945 F8    |MOV DWORD PTR SS:[EBP-8],EAX          SS:[EBP-8]存DATA内存地址
00438E9E  |.  6A 00       |PUSH 0 非实际
00438EA0  |.  6A 00       |PUSH 0 非反击
00438EA2  |.  8B45 F8    |MOV EAX,DWORD PTR SS:[EBP-8]
00438EA5  |.  50          |PUSH EAX                      被攻击武将
00438EA6  |.  8B4D 14    |MOV ECX,DWORD PTR SS:[EBP+14]
00438EA9  |.  81E1 FF000000 |AND ECX,0FF
00438EAF  |.  6BC9 24    |IMUL ECX,ECX,24
00438EB2  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50    攻击武将
00438EB8  |.  E8 8E2D0000 |CALL WaGan.0043BC4B  获取武将ecx对武将08栈的物理攻击伤害，
00438EBD  |.  8945 F4    |MOV DWORD PTR SS:[EBP-C],EAX
00438EC0  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
00438EC3  |.  33D2       |XOR EDX,EDX
00438EC5  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
00438EC7  |.  8BCA       |MOV ECX,EDX
00438EC9  |.  6BC9 24    |IMUL ECX,ECX,24
00438ECC  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438ED2  |.  E8 B99D0300 |CALL WaGan.00472C90 返回被攻击武将的当前体力
00438ED7  |.  3945 F4    |CMP DWORD PTR SS:[EBP-C],EAX
00438EDA  |.  72 0B       |JB SHORT WaGan.00438EE7    小于则跳转，未小于表示可以砍死
00438EDC  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00438EDF  |.  83C0 0A    |ADD EAX,0A                   权值 +10
00438EE2  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
00438EE5  |.  EB 24       |JMP SHORT WaGan.00438F0B
00438EE7  |>  8B75 F4    |MOV ESI,DWORD PTR SS:[EBP-C]
00438EEA  |.  6BF6 0A    |IMUL ESI,ESI,0A
00438EED  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]
00438EF0  |.  E8 26E3FCFF |CALL WaGan.0040721B 获取被攻击人的士气+全身道具效果值和
00438EF5  |.  8BC8       |MOV ECX,EAX
00438EF7  |.  8BC6       |MOV EAX,ESI
00438EF9  |.  33D2       |XOR EDX,EDX
00438EFB  |.  F7F1       |DIV ECX
00438EFD  |.  83F8 01    |CMP EAX,1
00438F00  |.  72 09       |JB SHORT WaGan.00438F0B          估算*10  小于被攻击人的士气+全身道具效果值和则跳转
00438F02  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00438F05  |.  83C2 04    |ADD EDX,4                      -4变量 +4
00438F08  |.  8955 FC    |MOV DWORD PTR SS:[EBP-4],EDX
00438F0B  |>  E9 8F010000 |JMP WaGan.0043909F
00438F10  |>  8A45 18    |MOV AL,BYTE PTR SS:[EBP+18]
00438F13  |.  50          |PUSH EAX                               ; /Arg3
00438F14  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00438F17  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00438F19  |.  52          |PUSH EDX                               ; |Arg2
00438F1A  |.  8A45 14    |MOV AL,BYTE PTR SS:[EBP+14]          ; |
00438F1D  |.  50          |PUSH EAX                               ; |Arg1
00438F1E  |.  E8 CC010000 |CALL WaGan.004390EF                   ; \WaGan.004390EF
00438F23  |.  83C4 0C    |ADD ESP,0C
00438F26  |.  85C0       |TEST EAX,EAX
00438F28  |.  74 57       |JE SHORT WaGan.00438F81
00438F2A  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
00438F2D  |.  33D2       |XOR EDX,EDX
00438F2F  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
00438F31  |.  8BCA       |MOV ECX,EDX
00438F33  |.  6BC9 24    |IMUL ECX,ECX,24
00438F36  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438F3C  |.  E8 4F9D0300 |CALL WaGan.00472C90
00438F41  |.  8BF0       |MOV ESI,EAX
00438F43  |.  6BF6 64    |IMUL ESI,ESI,64
00438F46  |.  8B45 08    |MOV EAX,DWORD PTR SS:[EBP+8]
00438F49  |.  33C9       |XOR ECX,ECX
00438F4B  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]
00438F4D  |.  6BC9 24    |IMUL ECX,ECX,24
00438F50  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438F56  |.  E8 15670200 |CALL WaGan.0045F670
00438F5B  |.  8BC8       |MOV ECX,EAX
00438F5D  |.  6BC9 48    |IMUL ECX,ECX,48
00438F60  |.  81C1 0000D600 |ADD ECX,0D60000
00438F66  |.  E8 B0E2FCFF |CALL WaGan.0040721B
00438F6B  |.  8BC8       |MOV ECX,EAX
00438F6D  |.  8BC6       |MOV EAX,ESI
00438F6F  |.  33D2       |XOR EDX,EDX
00438F71  |.  F7F1       |DIV ECX
00438F73  |.  83F8 3C    |CMP EAX,3C
00438F76  |.  73 09       |JNB SHORT WaGan.00438F81
00438F78  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00438F7B  |.  83C2 05    |ADD EDX,5
00438F7E  |.  8955 FC    |MOV DWORD PTR SS:[EBP-4],EDX
00438F81  |>  E9 19010000 |JMP WaGan.0043909F
00438F86  |>  8A45 18    |MOV AL,BYTE PTR SS:[EBP+18]
00438F89  |.  50          |PUSH EAX                               ; /Arg3
00438F8A  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00438F8D  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00438F8F  |.  52          |PUSH EDX                               ; |Arg2
00438F90  |.  8A45 14    |MOV AL,BYTE PTR SS:[EBP+14]          ; |
00438F93  |.  50          |PUSH EAX                               ; |Arg1
00438F94  |.  E8 56010000 |CALL WaGan.004390EF                   ; \WaGan.004390EF
00438F99  |.  83C4 0C    |ADD ESP,0C
00438F9C  |.  85C0       |TEST EAX,EAX
00438F9E  |.  74 2A       |JE SHORT WaGan.00438FCA
00438FA0  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
00438FA3  |.  33D2       |XOR EDX,EDX
00438FA5  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
00438FA7  |.  8BCA       |MOV ECX,EDX
00438FA9  |.  6BC9 24    |IMUL ECX,ECX,24
00438FAC  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438FB2  |.  E8 D94FFEFF |CALL WaGan.0041DF90
00438FB7  |.  25 FF000000 |AND EAX,0FF
00438FBC  |.  83F8 04    |CMP EAX,4
00438FBF  |.  7D 09       |JGE SHORT WaGan.00438FCA
00438FC1  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00438FC4  |.  83C0 03    |ADD EAX,3
00438FC7  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
00438FCA  |>  E9 D0000000 |JMP WaGan.0043909F
00438FCF  |>  8A4D 18    |MOV CL,BYTE PTR SS:[EBP+18]
00438FD2  |.  51          |PUSH ECX                               ; /Arg3
00438FD3  |.  8B55 08    |MOV EDX,DWORD PTR SS:[EBP+8]          ; |
00438FD6  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]             ; |
00438FD8  |.  50          |PUSH EAX                               ; |Arg2
00438FD9  |.  8A4D 14    |MOV CL,BYTE PTR SS:[EBP+14]          ; |
00438FDC  |.  51          |PUSH ECX                               ; |Arg1
00438FDD  |.  E8 0D010000 |CALL WaGan.004390EF                   ; \WaGan.004390EF
00438FE2  |.  83C4 0C    |ADD ESP,0C
00438FE5  |.  85C0       |TEST EAX,EAX
00438FE7  |.  74 2A       |JE SHORT WaGan.00439013
00438FE9  |.  8B55 08    |MOV EDX,DWORD PTR SS:[EBP+8]
00438FEC  |.  33C0       |XOR EAX,EAX
00438FEE  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]
00438FF0  |.  8BC8       |MOV ECX,EAX
00438FF2  |.  6BC9 24    |IMUL ECX,ECX,24
00438FF5  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00438FFB  |.  E8 B04FFEFF |CALL WaGan.0041DFB0
00439000  |.  25 FF000000 |AND EAX,0FF
00439005  |.  83F8 04    |CMP EAX,4
00439008  |.  7D 09       |JGE SHORT WaGan.00439013
0043900A  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
0043900D  |.  83C1 03    |ADD ECX,3
00439010  |.  894D FC    |MOV DWORD PTR SS:[EBP-4],ECX
00439013  |>  E9 87000000 |JMP WaGan.0043909F
00439018  |>  8A55 18    |MOV DL,BYTE PTR SS:[EBP+18]
0043901B  |.  52          |PUSH EDX                               ; /Arg3
0043901C  |.  8B45 08    |MOV EAX,DWORD PTR SS:[EBP+8]          ; |
0043901F  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]             ; |
00439021  |.  51          |PUSH ECX                               ; |Arg2
00439022  |.  8A55 14    |MOV DL,BYTE PTR SS:[EBP+14]          ; |
00439025  |.  52          |PUSH EDX                               ; |Arg1
00439026  |.  E8 C4000000 |CALL WaGan.004390EF                   ; \WaGan.004390EF
0043902B  |.  83C4 0C    |ADD ESP,0C
0043902E  |.  85C0       |TEST EAX,EAX
00439030  |.  74 28       |JE SHORT WaGan.0043905A
00439032  |.  8B45 08    |MOV EAX,DWORD PTR SS:[EBP+8]
00439035  |.  33C9       |XOR ECX,ECX
00439037  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]
00439039  |.  6BC9 24    |IMUL ECX,ECX,24
0043903C  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00439042  |.  E8 694FFEFF |CALL WaGan.0041DFB0
00439047  |.  25 FF000000 |AND EAX,0FF
0043904C  |.  83F8 04    |CMP EAX,4
0043904F  |.  7D 09       |JGE SHORT WaGan.0043905A
00439051  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00439054  |.  83C2 03    |ADD EDX,3
00439057  |.  8955 FC    |MOV DWORD PTR SS:[EBP-4],EDX
0043905A  |>  EB 43       |JMP SHORT WaGan.0043909F
0043905C  |>  8A45 18    |MOV AL,BYTE PTR SS:[EBP+18]
0043905F  |.  50          |PUSH EAX                               ; /Arg3
00439060  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00439063  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]             ; |
00439065  |.  52          |PUSH EDX                               ; |Arg2
00439066  |.  8A45 14    |MOV AL,BYTE PTR SS:[EBP+14]          ; |
00439069  |.  50          |PUSH EAX                               ; |Arg1
0043906A  |.  E8 80000000 |CALL WaGan.004390EF                   ; \WaGan.004390EF
0043906F  |.  83C4 0C    |ADD ESP,0C
00439072  |.  85C0       |TEST EAX,EAX
00439074  |.  74 29       |JE SHORT WaGan.0043909F
00439076  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
00439079  |.  33D2       |XOR EDX,EDX
0043907B  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
0043907D  |.  8BCA       |MOV ECX,EDX
0043907F  |.  6BC9 24    |IMUL ECX,ECX,24
00439082  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
00439088  |.  E8 A34FFEFF |CALL WaGan.0041E030
0043908D  |.  25 FF000000 |AND EAX,0FF
00439092  |.  85C0       |TEST EAX,EAX
00439094  |.  74 09       |JE SHORT WaGan.0043909F
00439096  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00439099  |.  83C0 03    |ADD EAX,3
0043909C  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
0043909F  |>  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
004390A2  |.  83C1 01    |ADD ECX,1
004390A5  |.  894D 08    |MOV DWORD PTR SS:[EBP+8],ECX
004390A8  |.^ E9 31FDFFFF \JMP WaGan.00438DDE                下一个循环
004390AD  |>  8B55 0C    MOV EDX,DWORD PTR SS:[EBP+C]       原来估算值
004390B0  |.  0355 FC    ADD EDX,DWORD PTR SS:[EBP-4]          加上循环内的估算值
004390B3  |.  85D2       TEST EDX,EDX
004390B5  |.  7E 0B       JLE SHORT WaGan.004390C2       为0则跳转
004390B7  |.  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]
004390BA  |.  0345 FC    ADD EAX,DWORD PTR SS:[EBP-4]
004390BD  |.  8945 EC    MOV DWORD PTR SS:[EBP-14],EAX
004390C0  |.  EB 07       JMP SHORT WaGan.004390C9
004390C2  |>  C745 EC 00000>MOV DWORD PTR SS:[EBP-14],0
004390C9  |>  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
004390CC  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
004390CF  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004390D2  |.  5E          POP ESI
004390D3  |.  8BE5       MOV ESP,EBP
004390D5  |.  5D          POP EBP
004390D6  \.  C3          RETN

0040721B
0040721B  /$  55          PUSH EBP
0040721C  |.  8BEC       MOV EBP,ESP
0040721E  |.  51          PUSH ECX
0040721F  |.  894D FC    MOV DWORD PTR SS:[EBP-4],ECX
00407222  |.  68 0F270000 PUSH 1F4                            ; /Arg3 = 0000270F          ==========500
      00407227  |.  6A 05       PUSH 5                               ; |/Arg1 = 00000005
00407229  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; ||
0040722C  |.  E8 DD090000 CALL WaGan.00407C0E                   ; |\WaGan.00407C0E
00407231  |.  25 FF000000 AND EAX,0FF                            ; |
00407236  |.  50          PUSH EAX                               ; |Arg2
00407237  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]          ; |
0040723A  |.  8B48 1C    MOV ECX,DWORD PTR DS:[EAX+1C]          ; |       这个是被攻击人的士气
0040723D  |.  51          PUSH ECX                               ; |Arg1
0040723E  |.  E8 46880700 CALL WaGan.0047FA89                   ; \WaGan.0047FA89
0047FA89  /$  55          PUSH EBP
0047FA8A  |.  8B4C24 0C    MOV ECX,DWORD PTR SS:[ESP+C]
0047FA8E  |.  8BEC       MOV EBP,ESP
0047FA90  |.  034D 08    ADD ECX,DWORD PTR SS:[EBP+8]
0047FA93  |.  8B45 10    MOV EAX,DWORD PTR SS:[EBP+10]
0047FA96  |.  3BC8       CMP ECX,EAX
0047FA98  |.  7F 02       JG SHORT WaGan.0047FA9C
0047FA9A  |.  8BC1       MOV EAX,ECX
0047FA9C  |>  5D          POP EBP
0047FA9D  \.  C3          RETN

00407243  |.  83C4 0C    ADD ESP,0C
00407246  |.  8BE5       MOV ESP,EBP
00407248  |.  5D          POP EBP
00407249  \.  C3          RETN

ECX AI准备攻击人物的Data内存地址
EBP+8 等于5
EBP-10  AI准备攻击人物的Data内存地址
EBP-8 计数器
EBP-C 计数器

00407C0E  /$  55          PUSH EBP
00407C0F  |.  8BEC       MOV EBP,ESP
00407C11  |.  83EC 10    SUB ESP,10
00407C14  |.  894D F0    MOV DWORD PTR SS:[EBP-10],ECX
00407C17  |.  C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
00407C1B  |.  C645 F8 00 MOV BYTE PTR SS:[EBP-8],0
00407C1F  |.  EB 08       JMP SHORT Ekd5英杰.00407C29
00407C21  |>  8A45 F8    /MOV AL,BYTE PTR SS:[EBP-8]
00407C24  |.  04 01       |ADD AL,1
00407C26  |.  8845 F8    |MOV BYTE PTR SS:[EBP-8],AL
00407C29  |>  8B4D F8       MOV ECX,DWORD PTR SS:[EBP-8]
00407C2C  |.  81E1 FF000000 |AND ECX,0FF
00407C32  |.  83F9 01    |CMP ECX,1
00407C35  |.  0F8F D5000000 |JG Ekd5英杰.00407D10             大于1则跳转
00407C3B  |.  8A55 F8    |MOV DL,BYTE PTR SS:[EBP-8]
00407C3E  |.  52          |PUSH EDX                               ; /Arg1  (一次0，一次1)
00407C3F  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00407C42  |.  E8 A9E9FFFF |CALL Ekd5英杰.004065F0             ; \Ekd5英杰.004065F0  获取武将ecx的道具代码(08栈值为012武器防具辅助)
00407C47  |.  8845 FC    |MOV BYTE PTR SS:[EBP-4],AL
00407C4A  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00407C4D  |.  25 FF000000 |AND EAX,0FF
00407C52  |.  3D FF000000 |CMP EAX,0FF
00407C57  |.  0F84 AE000000 |JE Ekd5英杰.00407D0B       无道具跳转
00407C5D  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00407C60  |.  81E1 FF000000 |AND ECX,0FF
00407C66  |.  51          |PUSH ECX                               ; /Arg1
00407C67  |.  E8 AEEBFFFF |CALL Ekd5英杰.0040681A    ; \获取道具主要加什么，攻击性武器为0，非攻击性武器为2，防具为1，
00407C6C  |.  83C4 04    |ADD ESP,4
00407C6F  |.  25 FF000000 |AND EAX,0FF
00407C74  |.  8B55 08    |MOV EDX,DWORD PTR SS:[EBP+8]
00407C77  |.  81E2 FF000000 |AND EDX,0FF
00407C7D  |.  3BC2       |CMP EAX,EDX
00407C7F  |.  75 2C       |JNZ SHORT Ekd5英杰.00407CAD    不等于5跳转
00407C81  |.  8A45 F8    |MOV AL,BYTE PTR SS:[EBP-8]
00407C84  |.  50          |PUSH EAX                               ; /Arg1
00407C85  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00407C88  |.  E8 53190000 |CALL Ekd5英杰.004095E0             获取武将ecx的道具等级(08栈值为012武器防具辅助)
00407C8D  |.  50          |PUSH EAX                               ; /Arg1
00407C8E  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00407C91  |.  81E1 FF000000 |AND ECX,0FF                            ; |
00407C97  |.  6BC9 19    |IMUL ECX,ECX,19                      ; |
00407C9A  |.  81C1 40114A00 |ADD ECX,Ekd5英杰.004A1140                ; |
00407CA0  |.  E8 CF490000 |CALL Ekd5英杰.0040C674          获取武器护具ecx等级为08栈值时候的效果值
00407CA5  |.  8A4D F4    |MOV CL,BYTE PTR SS:[EBP-C]
00407CA8  |.  02C8       |ADD CL,AL
00407CAA  |.  884D F4    |MOV BYTE PTR SS:[EBP-C],CL
00407CAD  |>  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00407CB0  |.  81E1 FF000000 |AND ECX,0FF
00407CB6  |.  6BC9 19    |IMUL ECX,ECX,19
00407CB9  |.  81C1 40114A00 |ADD ECX,Ekd5英杰.004A1140
00407CBF  |.  E8 AA4A0000 |CALL Ekd5英杰.0040C76E    获取道具ecx的武器类型是否为特殊
00407CC4  |.  85C0       |TEST EAX,EAX
00407CC6  |.  74 43       |JE SHORT Ekd5英杰.00407D0B
00407CC8  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00407CCB  |.  81E2 FF000000 |AND EDX,0FF
00407CD1  |.  52          |PUSH EDX                               ; /Arg1
00407CD2  |.  E8 B7EAFFFF |CALL Ekd5英杰.0040678E    获取道具08栈的特殊效果加什么，0~8分别为攻防精暴士体法移经
00407CD7  |.  83C4 04    |ADD ESP,4
00407CDA  |.  25 FF000000 |AND EAX,0FF
00407CDF  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
00407CE2  |.  81E1 FF000000 |AND ECX,0FF
00407CE8  |.  3BC1       |CMP EAX,ECX
00407CEA  |.  75 1F       |JNZ SHORT Ekd5英杰.00407D0B
00407CEC  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00407CEF  |.  81E1 FF000000 |AND ECX,0FF
00407CF5  |.  6BC9 19    |IMUL ECX,ECX,19
00407CF8  |.  81C1 40114A00 |ADD ECX,Ekd5英杰.004A1140
00407CFE  |.  E8 AD600100 |CALL Ekd5英杰.0041DDB0 获取道具ecx的特殊效果值
00407D03  |.  8A55 F4    |MOV DL,BYTE PTR SS:[EBP-C]
00407D06  |.  02D0       |ADD DL,AL
00407D08  |.  8855 F4    |MOV BYTE PTR SS:[EBP-C],DL
00407D0B  |>^ E9 11FFFFFF \JMP Ekd5英杰.00407C21
00407D10  |>  6A 02       PUSH 2                                  ; /Arg1 = 00000002  辅助
00407D12  |.  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]          ; |
00407D15  |.  E8 D6E8FFFF CALL Ekd5英杰.004065F0       获取武将ecx的辅助道具代码
00407D1A  |.  8845 FC    MOV BYTE PTR SS:[EBP-4],AL
00407D1D  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00407D20  |.  25 FF000000 AND EAX,0FF
00407D25  |.  3D FF000000 CMP EAX,0FF
00407D2A  |.  74 43       JE SHORT Ekd5英杰.00407D6F
00407D2C  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00407D2F  |.  81E1 FF000000 AND ECX,0FF
00407D35  |.  51          PUSH ECX                               ; /Arg1
00407D36  |.  E8 DFEAFFFF CALL Ekd5英杰.0040681A       ; \获取道具主要加什么，攻击性武器为0，非攻击性武器为2，防具为1，
00407D3B  |.  83C4 04    ADD ESP,4
00407D3E  |.  25 FF000000 AND EAX,0FF
00407D43  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
00407D46  |.  81E2 FF000000 AND EDX,0FF
00407D4C  |.  3BC2       CMP EAX,EDX
00407D4E  |.  75 1F       JNZ SHORT Ekd5英杰.00407D6F
00407D50  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00407D53  |.  81E1 FF000000 AND ECX,0FF
00407D59  |.  6BC9 19    IMUL ECX,ECX,19
00407D5C  |.  81C1 40114A00 ADD ECX,Ekd5英杰.004A1140
00407D62  |.  E8 09600100 CALL Ekd5英杰.0041DD70  获取道具ecx的特殊效果值
00407D67  |.  8A4D F4    MOV CL,BYTE PTR SS:[EBP-C]
00407D6A  |.  02C8       ADD CL,AL
00407D6C  |.  884D F4    MOV BYTE PTR SS:[EBP-C],CL
00407D6F  |>  8A45 F4    MOV AL,BYTE PTR SS:[EBP-C]
00407D72  |.  8BE5       MOV ESP,EBP
00407D74  |.  5D          POP EBP
00407D75  \.  C2 0400    RETN 4

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#52

发表于 2007-12-30 21:40 资料个人空间短消息只看该作者

77指令(新引擎新写的)

004D03DE 55             PUSH EBP
004D03DF 8BEC          MOV EBP,ESP
004D03E1 83EC 20       SUB ESP,20
004D03E4 6A 51          PUSH 51
004D03E6 8B4D 08       MOV ECX,DWORD PTR SS:[EBP+8]
004D03E9 E8 0980F4FF    CALL WaGan.004183F7
004D03EE 25 FFFF0000    AND EAX,0FFFF
004D03F3 3D 00800000    CMP EAX,8000
004D03F8 75 05          JNZ SHORT WaGan.004D03FF
004D03FA E9 110E0000    JMP WaGan.004D1210                      ; 失败退出
004D03FF 8945 FC       MOV DWORD PTR SS:[EBP-4],EAX
004D0402 6A 04          PUSH 4
004D0404 8B4D 08       MOV ECX,DWORD PTR SS:[EBP+8]
004D0407 E8 EB7FF4FF    CALL WaGan.004183F7
004D040C 3D 00000080    CMP EAX,80000000
004D0411 75 05          JNZ SHORT WaGan.004D0418
004D0413 E9 F80D0000    JMP WaGan.004D1210                      ; 失败退出
004D0418 8945 F8       MOV DWORD PTR SS:[EBP-8],EAX
004D041B 6A 53          PUSH 53
004D041D 8B4D 08       MOV ECX,DWORD PTR SS:[EBP+8]
004D0420 E8 D27FF4FF    CALL WaGan.004183F7
004D0425 25 FFFF0000    AND EAX,0FFFF
004D042A 3D 00800000    CMP EAX,8000
004D042F 75 05          JNZ SHORT WaGan.004D0436
004D0431 E9 DA0D0000    JMP WaGan.004D1210                      ; 退出
004D0436 8945 F4       MOV DWORD PTR SS:[EBP-C],EAX
004D0439 6A 52          PUSH 52
004D043B 8B4D 08       MOV ECX,DWORD PTR SS:[EBP+8]
004D043E E8 B47FF4FF    CALL WaGan.004183F7
004D0443 25 FFFF0000    AND EAX,0FFFF
004D0448 3D 00800000    CMP EAX,8000
004D044D 75 05          JNZ SHORT WaGan.004D0454
004D044F E9 BC0D0000    JMP WaGan.004D1210
004D0454 8945 F0       MOV DWORD PTR SS:[EBP-10],EAX
004D0457 6A 04          PUSH 4
004D0459 8B4D 08       MOV ECX,DWORD PTR SS:[EBP+8]
004D045C E8 967FF4FF    CALL WaGan.004183F7
004D0461 3D 00000080    CMP EAX,80000000
004D0466 75 05          JNZ SHORT WaGan.004D046D
004D0468 E9 A30D0000    JMP WaGan.004D1210                      ; 退出
004D046D 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
004D0470 8B45 FC       MOV EAX,DWORD PTR SS:[EBP-4]
004D0473 85C0          TEST EAX,EAX
004D0475 74 0F          JE SHORT WaGan.004D0486
004D0477 83F8 01       CMP EAX,1
004D047A 74 27          JE SHORT WaGan.004D04A3
004D047C 83F8 02       CMP EAX,2
004D047F 74 3D          JE SHORT WaGan.004D04BE
004D0481 E9 8A0D0000    JMP WaGan.004D1210                      ; 退出
004D0486 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]          ; *p
004D0489 3D 00080000    CMP EAX,800
004D048E 0F83 7C0D0000 JNB WaGan.004D1210                      ; 越界
004D0494 6BC0 04       IMUL EAX,EAX,4
004D0497 05 00C05500    ADD EAX,WaGan.0055C000
004D049C 8B08          MOV ECX,DWORD PTR DS:[EAX]
004D049E 894D E8       MOV DWORD PTR SS:[EBP-18],ECX
004D04A1 EB 34          JMP SHORT WaGan.004D04D7
004D04A3 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]          ; &p
004D04A6 3D 00080000    CMP EAX,800
004D04AB 0F83 5F0D0000 JNB WaGan.004D1210                      ; 越界
004D04B1 6BC0 04       IMUL EAX,EAX,4
004D04B4 05 00C05500    ADD EAX,WaGan.0055C000
004D04B9 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
004D04BC EB 19          JMP SHORT WaGan.004D04D7
004D04BE 8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]          ; A
004D04C1 3D 00100000    CMP EAX,1000
004D04C6 0F83 440D0000 JNB WaGan.004D1210                      ; 越界
004D04CC 6BC0 04       IMUL EAX,EAX,4
004D04CF 05 00B05500    ADD EAX,WaGan.0055B000
004D04D4 8945 E8       MOV DWORD PTR SS:[EBP-18],EAX
004D04D7 8B45 F0       MOV EAX,DWORD PTR SS:[EBP-10]
004D04DA 85C0          TEST EAX,EAX
004D04DC 74 14          JE SHORT WaGan.004D04F2
004D04DE 83F8 01       CMP EAX,1
004D04E1 74 17          JE SHORT WaGan.004D04FA
004D04E3 83F8 02       CMP EAX,2
004D04E6 74 2F          JE SHORT WaGan.004D0517
004D04E8 83F8 03       CMP EAX,3
004D04EB 74 45          JE SHORT WaGan.004D0532
004D04ED E9 1E0D0000    JMP WaGan.004D1210                      ; 退出
004D04F2 8B45 EC       MOV EAX,DWORD PTR SS:[EBP-14]          ; 常数
004D04F5 8945 E4       MOV DWORD PTR SS:[EBP-1C],EAX
004D04F8 EB 51          JMP SHORT WaGan.004D054B
004D04FA 8B45 EC       MOV EAX,DWORD PTR SS:[EBP-14]          ; *p
004D04FD 3D 00080000    CMP EAX,800
004D0502 0F83 080D0000 JNB WaGan.004D1210                      ; 越界
004D0508 6BC0 04       IMUL EAX,EAX,4
004D050B 05 00C05500    ADD EAX,WaGan.0055C000
004D0510 8B08          MOV ECX,DWORD PTR DS:[EAX]
004D0512 894D E4       MOV DWORD PTR SS:[EBP-1C],ECX
004D0515 EB 34          JMP SHORT WaGan.004D054B
004D0517 8B45 EC       MOV EAX,DWORD PTR SS:[EBP-14]          ; &p
004D051A 3D 00080000    CMP EAX,800
004D051F 0F83 EB0C0000 JNB WaGan.004D1210                      ; 越界
004D0525 6BC0 04       IMUL EAX,EAX,4
004D0528 05 00C05500    ADD EAX,WaGan.0055C000
004D052D 8945 E4       MOV DWORD PTR SS:[EBP-1C],EAX
004D0530 EB 19          JMP SHORT WaGan.004D054B
004D0532 8B45 EC       MOV EAX,DWORD PTR SS:[EBP-14]          ; A
004D0535 3D 00100000    CMP EAX,1000
004D053A 0F83 D00C0000 JNB WaGan.004D1210                      ; 越界
004D0540 6BC0 04       IMUL EAX,EAX,4
004D0543 05 00B05500    ADD EAX,WaGan.0055B000
004D0548 8945 E4       MOV DWORD PTR SS:[EBP-1C],EAX
004D054B 8B45 F4       MOV EAX,DWORD PTR SS:[EBP-C]
004D054E 85C0          TEST EAX,EAX                            ; +=
004D0550 74 1E          JE SHORT WaGan.004D0570
004D0552 83F8 01       CMP EAX,1
004D0555 74 08          JE SHORT WaGan.004D055F                ; -=
004D0557 83F8 02       CMP EAX,2
004D055A 74 1B          JE SHORT WaGan.004D0577                ; =
004D055C 83F8 03       CMP EAX,3
004D055F 74 1E          JE SHORT WaGan.004D057F                ; *=
004D0561 83F8 04       CMP EAX,4
004D0564 74 1F          JE SHORT WaGan.004D0585                ; /=
004D0566 83F8 05       CMP EAX,5
004D0569 74 20          JE SHORT WaGan.004D058B
004D056B E9 A00C0000    JMP WaGan.004D1210
004D0570 8B45 E8       MOV EAX,DWORD PTR SS:[EBP-18]
004D0573 8B4D E4       MOV ECX,DWORD PTR SS:[EBP-1C]
004D0576 03C1          ADD EAX,ECX
004D0578 90             NOP

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#53

发表于 2007-12-30 21:41 资料个人空间短消息只看该作者

75指令特殊形象指定 555A000开始放人物特造(新引擎新写的指令)

004D100D 55             PUSH EBP
004D100E 8BEC          MOV EBP,ESP
004D1010 83EC 08       SUB ESP,8
004D1013 6A 02          PUSH 2
004D1015 8B4D 08       MOV ECX,DWORD PTR SS:[EBP+8]
004D1018 E8 DA73F4FF    CALL WaGan.004183F7
004D101D 25 FFFF0000    AND EAX,0FFFF
004D1022 8945 FC       MOV DWORD PTR SS:[EBP-4],EAX
004D1025 6A 50          PUSH 50
004D1027 8B4D 08       MOV ECX,DWORD PTR SS:[EBP+8]
004D102A E8 C873F4FF    CALL WaGan.004183F7
004D102F 25 FFFF0000    AND EAX,0FFFF
004D1034 8945 F8       MOV DWORD PTR SS:[EBP-8],EAX
004D1037 8B55 FC       MOV EDX,DWORD PTR SS:[EBP-4]
004D103A 8982 00A05505 MOV DWORD PTR DS:[EDX+555A000],EAX
004D1040 B8 01000000    MOV EAX,1
004D1045 8BE5          MOV ESP,EBP
004D1047 5C             POP EBP
004D1048 C3             RETN

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#54

发表于 2007-12-30 21:41 资料个人空间短消息只看该作者

73指令,为YYP写的

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#55

发表于 2007-12-30 21:42 资料个人空间短消息只看该作者

关于策略伤害

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#56

发表于 2007-12-30 21:42 资料个人空间短消息只看该作者

36指令

[EBP-4]  放武将序号
[EBP-8]  放着比较的数字
[EBP-C]  放着函数求出来的数字
[EBP-10] 放着比较代号
[EBP-14] 放着大小关系00 >= , 01 < , 02 =
004112E9 .  55          PUSH EBP
004112EA .  8BEC       MOV EBP,ESP
004112EC .  83EC 1C    SUB ESP,1C
004112EF .  6A 02       PUSH 2                                  ; /Arg1 = 00000002
004112F1 .  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
004112F4 .  E8 FE700000 CALL EKD5.004183F7                      ; \EKD5.004183F7
004112F9 .  66:8945 FC MOV WORD PTR SS:[EBP-4],AX
004112FD .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00411300 .  25 FFFF0000 AND EAX,0FFFF
00411305 .  3D 00800000 CMP EAX,8000
0041130A .  75 0A       JNZ SHORT EKD5.00411316
0041130C .  B8 05000000 MOV EAX,5
00411311 .  E9 83010000 JMP EKD5.00411499
00411316 >  6A 23       PUSH 23                               ; /Arg1 = 00000023
00411318 .  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
0041131B .  E8 D7700000 CALL EKD5.004183F7                      ; \EKD5.004183F7
00411320 .  66:8945 F0 MOV WORD PTR SS:[EBP-10],AX
00411324 .  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
00411327 .  81E1 FFFF0000 AND ECX,0FFFF
0041132D .  81F9 00800000 CMP ECX,8000
00411333 .  75 0A       JNZ SHORT EKD5.0041133F
00411335 .  B8 05000000 MOV EAX,5
0041133A .  E9 5A010000 JMP EKD5.00411499
0041133F >  6A 04       PUSH 4                                  ; /Arg1 = 00000004
00411341 .  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00411344 .  E8 AE700000 CALL EKD5.004183F7                      ; \EKD5.004183F7
00411349 .  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
0041134C .  817D F8 00000>CMP DWORD PTR SS:[EBP-8],80000000
00411353 .  75 0A       JNZ SHORT EKD5.0041135F
00411355 .  B8 05000000 MOV EAX,5
0041135A .  E9 3A010000 JMP EKD5.00411499
0041135F >  6A 24       PUSH 24                               ; /Arg1 = 00000024
00411361 .  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00411364 .  E8 8E700000 CALL EKD5.004183F7                      ; \EKD5.004183F7
00411369 .  66:8945 EC MOV WORD PTR SS:[EBP-14],AX
0041136D .  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
00411370 .  81E2 FFFF0000 AND EDX,0FFFF
00411376 .  81FA 00800000 CMP EDX,8000
0041137C .  75 0A       JNZ SHORT EKD5.00411388
0041137E .  B8 05000000 MOV EAX,5
00411383 .  E9 11010000 JMP EKD5.00411499

00411388 >  E8 95A5FFFF CALL EKD5.0040B922       移动力有关  ???
0041138D .  85C0       TEST EAX,EAX
0041138F .  74 2E       JE SHORT EKD5.004113BF
00411391 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00411394 .  25 FFFF0000 AND EAX,0FFFF
00411399 .  3D 00040000 CMP EAX,400
0041139E .  7C 1F       JL SHORT EKD5.004113BF
004113A0 .  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004113A3 .  81E1 FFFF0000 AND ECX,0FFFF
004113A9 .  81F9 02040000 CMP ECX,402
004113AF .  7F 0E       JG SHORT EKD5.004113BF
004113B1 .  B9 F05D4B00 MOV ECX,EKD5.004B5DF0
004113B6 .  E8 704C0400 CALL EKD5.0045602B
004113BB .  66:8945 FC MOV WORD PTR SS:[EBP-4],AX

004113BF >  8B55 FC    MOV EDX,DWORD PTR SS:[EBP-4]
004113C2 .  81E2 FFFF0000 AND EDX,0FFFF
004113C8 .  81FA FFFF0000 CMP EDX,0FFFF
004113CE .  74 0F       JE SHORT EKD5.004113DF

004113D0 .  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004113D3 .  25 FFFF0000 AND EAX,0FFFF
004113D8 .  3D 00040000 CMP EAX,400
004113DD .  7E 07       JLE SHORT EKD5.004113E6
004113DF >  33C0       XOR EAX,EAX
004113E1 .  E9 B3000000 JMP EKD5.00411499
004113E6 >  8B4D F0    MOV ECX,DWORD PTR SS:[EBP-10]
004113E9 .  81E1 FFFF0000 AND ECX,0FFFF
004113EF .  83F9 07    CMP ECX,7 测试HPCur
004113F2 .  74 25       JE SHORT EKD5.00411419
004113F4 .  83F9 08    CMP ECX,8 测试MPCur
004113F7 .  74 20       JE SHORT EKD5.00411419

004113F9 .  8A55 F0    MOV DL,BYTE PTR SS:[EBP-10]
004113FC .  52          PUSH EDX                               ; /Arg1
004113FD .  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]          ; |
00411400 .  81E1 FFFF0000 AND ECX,0FFFF                         ; |
00411406 .  6BC9 48    IMUL ECX,ECX,48                         ; |
00411409 .  81C1 0000D600 ADD ECX,0D60000                         ; |
0041140F .  E8 7359FFFF CALL EKD5.00406D87          ; \EKD5.00406D87 获取武将ecx的攻防精暴士体法，根据08栈值0~6
00411414 .  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
00411417 .  EB 44       JMP SHORT EKD5.0041145D

00411419 >  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041141C .  81E1 FFFF0000 AND ECX,0FFFF
00411422 .  6BC9 48    IMUL ECX,ECX,48
00411425 .  81C1 0000D600 ADD ECX,0D60000
0041142B .  E8 AC660600 CALL EKD5.00477ADC
00411430 .  8845 E8    MOV BYTE PTR SS:[EBP-18],AL
00411433 .  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
00411436 .  25 FF000000 AND EAX,0FF
0041143B .  3D FF000000 CMP EAX,0FF
00411440 .  74 17       JE SHORT EKD5.00411459
00411442 .  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
00411445 .  81E1 FF000000 AND ECX,0FF
0041144B .  6BC9 24    IMUL ECX,ECX,24
0041144E .  81C1 502C4B00 ADD ECX,EKD5.004B2C50
00411454 .^ E9 C856FFFF JMP EKD5.00406B21
00411459 >  33C0       XOR EAX,EAX
0041145B .  EB 3C       JMP SHORT EKD5.00411499

0041145D >  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
00411460 .  81E1 FFFF0000 AND ECX,0FFFF
00411466 .  894D E4    MOV DWORD PTR SS:[EBP-1C],ECX
00411469 .  837D E4 00 CMP DWORD PTR SS:[EBP-1C],0
0041146D .  74 08       JE SHORT EKD5.00411477
0041146F .  837D E4 01 CMP DWORD PTR SS:[EBP-1C],1
00411473 .  74 0D       JE SHORT EKD5.00411482
00411475 .  EB 17       JMP SHORT EKD5.0041148E
00411477 >  8B55 F4    MOV EDX,DWORD PTR SS:[EBP-C]
0041147A .  3B55 F8    CMP EDX,DWORD PTR SS:[EBP-8]
0041147D .  1BC0       SBB EAX,EAX
0041147F .  40          INC EAX
00411480 .  EB 17       JMP SHORT EKD5.00411499
00411482 >  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
00411485 .  3B45 F8    CMP EAX,DWORD PTR SS:[EBP-8]
00411488 .  1BC0       SBB EAX,EAX
0041148A .  F7D8       NEG EAX
0041148C .  EB 0B       JMP SHORT EKD5.00411499
0041148E >  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]
00411491 .  33C0       XOR EAX,EAX
00411493 .  3B4D F8    CMP ECX,DWORD PTR SS:[EBP-8]
00411496 .  0F94C0       SETE AL
00411499 >  8BE5       MOV ESP,EBP
0041149B .  5D          POP EBP
0041149C .  C3          RETN

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#57

发表于 2007-12-30 21:43 资料个人空间短消息只看该作者

R中的对话

参数：透明色固定为0黑色

源Bitmpa对象 +1c
高 +18
宽 +14
Y坐标 +10
X坐标 +C
目标DC +8
-4 属于临时变量
-8是读到文本的地址
-C是计数变量
00413661  /.  55          PUSH EBP
00413662  |.  8BEC       MOV EBP,ESP
00413664  |.  81EC 20040000 SUB ESP,420
0041366A  |.  66:C785 ECFBF>MOV WORD PTR SS:[EBP-414],0FFFF
00413673  |.  6A 05       PUSH 5                                  ; /Arg1 = 00000005
00413675  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00413678  |.  E8 7A4D0000 CALL WaGan.004183F7                   ; \WaGan.004183F7
0041367D  |.  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
00413680  |.  817D F8 00000>CMP DWORD PTR SS:[EBP-8],80000000
00413687  |.  75 0A       JNZ SHORT WaGan.00413693
00413689  |.  B8 05000000 MOV EAX,5
0041368E  |.  E9 7A020000 JMP WaGan.0041390D             退出

00413693  |>  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
00413696  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
00413699  |.  C745 F4 00000>MOV DWORD PTR SS:[EBP-C],0
004136A0  |>  C745 F4 00000>/MOV DWORD PTR SS:[EBP-C],0
004136A7  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
004136AA  |.  33D2       |XOR EDX,EDX
004136AC  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
004136AE  |.  83FA 26    |CMP EDX,26                            26，就是&标记
004136B1  |.  0F85 9A010000 |JNZ WaGan.00413851
004136B7  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
004136BA  |.  83C0 01    |ADD EAX,1                            查看&后面跟的名字
004136BD  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
004136C0  |.  E8 5D82FFFF |CALL WaGan.0040B922                一个判断
004136C5  |.  85C0       |TEST EAX,EAX
004136C7  |.  74 2B       |JE SHORT WaGan.004136F4
004136C9  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
004136CC  |.  33D2       |XOR EDX,EDX
004136CE  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
004136D0  |.  83FA 0A    |CMP EDX,0A
004136D3  |.  75 1F       |JNZ SHORT WaGan.004136F4
004136D5  |.  B9 F05D4B00 |MOV ECX,WaGan.004B5DF0
004136DA  |.  E8 4C290400 |CALL WaGan.0045602B
004136DF  |.  66:8985 ECFBF>|MOV WORD PTR SS:[EBP-414],AX
004136E6  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
004136E9  |.  83C0 01    |ADD EAX,1
004136EC  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
004136EF  |.  E9 5D010000 |JMP WaGan.00413851

004136F4  |>  E8 2982FFFF |CALL WaGan.0040B922 一个判断
004136F9  |.  85C0       |TEST EAX,EAX
004136FB  |.  0F84 EC000000 |JE WaGan.004137ED
00413701  |.  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00413704  |.  33D2       |XOR EDX,EDX
00413706  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
00413708  |.  83FA 30    |CMP EDX,30
0041370B  |.  0F8C DC000000 |JL WaGan.004137ED
00413711  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
00413714  |.  33C9       |XOR ECX,ECX
00413716  |.  8A08       |MOV CL,BYTE PTR DS:[EAX]
00413718  |.  83F9 39    |CMP ECX,39
0041371B  |.  0F8F CC000000 |JG WaGan.004137ED
00413721  |.  C785 E8FBFFFF>|MOV DWORD PTR SS:[EBP-418],0
0041372B  |.  EB 0F       |JMP SHORT WaGan.0041373C
0041372D  |>  8B95 E8FBFFFF |/MOV EDX,DWORD PTR SS:[EBP-418]
00413733  |.  83C2 01    ||ADD EDX,1
00413736  |.  8995 E8FBFFFF ||MOV DWORD PTR SS:[EBP-418],EDX
0041373C  |>  83BD E8FBFFFF>| CMP DWORD PTR SS:[EBP-418],2
00413743  |.  73 37       ||JNB SHORT WaGan.0041377C
00413745  |.  8B45 FC    ||MOV EAX,DWORD PTR SS:[EBP-4]
00413748  |.  33C9       ||XOR ECX,ECX
0041374A  |.  8A08       ||MOV CL,BYTE PTR DS:[EAX]
0041374C  |.  83F9 0A    ||CMP ECX,0A
0041374F  |.  74 2B       ||JE SHORT WaGan.0041377C
00413751  |.  8B95 E8FBFFFF ||MOV EDX,DWORD PTR SS:[EBP-418]
00413757  |.  8B45 FC    ||MOV EAX,DWORD PTR SS:[EBP-4]
0041375A  |.  8A08       ||MOV CL,BYTE PTR DS:[EAX]
0041375C  |.  888C15 E0FBFF>||MOV BYTE PTR SS:[EBP+EDX-420],CL
00413763  |.  8B95 E8FBFFFF ||MOV EDX,DWORD PTR SS:[EBP-418]
00413769  |.  C68415 E1FBFF>||MOV BYTE PTR SS:[EBP+EDX-41F],0
00413771  |.  8B45 FC    ||MOV EAX,DWORD PTR SS:[EBP-4]
00413774  |.  83C0 01    ||ADD EAX,1
00413777  |.  8945 FC    ||MOV DWORD PTR SS:[EBP-4],EAX
0041377A  |.^ EB B1       |\JMP SHORT WaGan.0041372D
0041377C  |>  8D8D E0FBFFFF |LEA ECX,DWORD PTR SS:[EBP-420]
00413782  |.  51          |PUSH ECX                               ; /Arg1
00413783  |.  E8 C4C30600 |CALL WaGan.0047FB4C                   ; \WaGan.0047FB4C
00413788  |.  83C4 04    |ADD ESP,4
0041378B  |.  8885 E4FBFFFF |MOV BYTE PTR SS:[EBP-41C],AL
00413791  |.  8B8D E4FBFFFF |MOV ECX,DWORD PTR SS:[EBP-41C]
00413797  |.  81E1 FF000000 |AND ECX,0FF
0041379D  |.  6BC9 24    |IMUL ECX,ECX,24
004137A0  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004137A6  |.  E8 E5540000 |CALL WaGan.00418C90
004137AB  |.  25 FF000000 |AND EAX,0FF
004137B0  |.  83F8 02    |CMP EAX,2
004137B3  |.  75 23       |JNZ SHORT WaGan.004137D8
004137B5  |.  8B8D E4FBFFFF |MOV ECX,DWORD PTR SS:[EBP-41C]
004137BB  |.  81E1 FF000000 |AND ECX,0FF
004137C1  |.  6BC9 24    |IMUL ECX,ECX,24
004137C4  |.  81C1 502C4B00 |ADD ECX,WaGan.004B2C50
004137CA  |.  E8 A1BE0400 |CALL WaGan.0045F670
004137CF  |.  66:8985 ECFBF>|MOV WORD PTR SS:[EBP-414],AX
004137D6  |.  EB 0A       |JMP SHORT WaGan.004137E2
004137D8  |>  B8 01000000 |MOV EAX,1
004137DD  |.  E9 2B010000 |JMP WaGan.0041390D
004137E2  |>  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
004137E5  |.  83C2 01    |ADD EDX,1
004137E8  |.  8955 FC    |MOV DWORD PTR SS:[EBP-4],EDX
004137EB  |.  EB 64       |JMP SHORT WaGan.00413851

下面这段是读文本内容，一个字节一个字节读入剧本变量数组[EBP-410]内，用EDX，-C变量计数，-4变量为文本指针，一直移动，最大不能超过0x400
004137ED  |>  8B45 FC    |/MOV EAX,DWORD PTR SS:[EBP-4]
004137F0  |.  33C9       ||XOR ECX,ECX
004137F2  |.  8A08       ||MOV CL,BYTE PTR DS:[EAX]
004137F4  |.  83F9 0A    ||CMP ECX,0A 如果发现是换行就跳出
004137F7  |.  74 2E       ||JE SHORT WaGan.00413827
004137F9  |.  8B55 F4    ||MOV EDX,DWORD PTR SS:[EBP-C]
004137FC  |.  8B45 FC    ||MOV EAX,DWORD PTR SS:[EBP-4]
004137FF  |.  8A08       ||MOV CL,BYTE PTR DS:[EAX]
00413801  |.  888C15 F0FBFF>||MOV BYTE PTR SS:[EBP+EDX-410],CL
00413808  |.  8B55 F4    ||MOV EDX,DWORD PTR SS:[EBP-C]
0041380B  |.  83C2 01    ||ADD EDX,1 计数+1
0041380E  |.  8955 F4    ||MOV DWORD PTR SS:[EBP-C],EDX
00413811  |.  817D F4 00040>||CMP DWORD PTR SS:[EBP-C],400
00413818  |.  76 02       ||JBE SHORT WaGan.0041381C
0041381A  |.  EB 0B       ||JMP SHORT WaGan.00413827
0041381C  |>  8B45 FC    ||MOV EAX,DWORD PTR SS:[EBP-4]
0041381F  |.  83C0 01    ||ADD EAX,1                               指针+1
00413822  |.  8945 FC    ||MOV DWORD PTR SS:[EBP-4],EAX
00413825  |.^ EB C6       |\JMP SHORT WaGan.004137ED

00413827  |>  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
0041382A  |.  83C1 01    |ADD ECX,1                               读过换行符号
0041382D  |.  894D FC    |MOV DWORD PTR SS:[EBP-4],ECX
00413830  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00413833  |.  C68415 F0FBFF>|MOV BYTE PTR SS:[EBP+EDX-410],0
0041383B  |.  8D85 F0FBFFFF |LEA EAX,DWORD PTR SS:[EBP-410]
00413841  |.  50          |PUSH EAX                               ; /Arg1
00413842  |.  E8 79B60000 |CALL WaGan.0041EEC0                   ; \WaGan.0041EEC0
00413847  |.  83C4 04    |ADD ESP,4
0041384A  |.  66:8985 ECFBF>|MOV WORD PTR SS:[EBP-414],AX
00413851  |>  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
00413854  |.  51          |PUSH ECX                               ; /Arg2
00413855  |.  8D95 F0FBFFFF |LEA EDX,DWORD PTR SS:[EBP-410]       ; |
0041385B  |.  52          |PUSH EDX                               ; |Arg1
0041385C  |.  B9 902F4900 |MOV ECX,WaGan.00492F90                ; |
00413861  |.  E8 3F410000 |CALL WaGan.004179A5                   ; \WaGan.004179A5
00413866  |.  E8 B780FFFF |CALL WaGan.0040B922
0041386B  |.  85C0       |TEST EAX,EAX
0041386D  |.  74 12       |JE SHORT WaGan.00413881
0041386F  |.  8B85 ECFBFFFF |MOV EAX,DWORD PTR SS:[EBP-414]
00413875  |.  25 FFFF0000 |AND EAX,0FFFF
0041387A  |.  3D FFFF0000 |CMP EAX,0FFFF
0041387F  |.  75 20       |JNZ SHORT WaGan.004138A1
00413881  |>  6A 20       |PUSH 20                               ; /Arg3 = 00000020
00413883  |.  8B8D ECFBFFFF |MOV ECX,DWORD PTR SS:[EBP-414]       ; |
00413889  |.  81E1 FFFF0000 |AND ECX,0FFFF                         ; |
0041388F  |.  51          |PUSH ECX                               ; |Arg2
00413890  |.  8D95 F0FBFFFF |LEA EDX,DWORD PTR SS:[EBP-410]       ; |
00413896  |.  52          |PUSH EDX                               ; |Arg1
00413897  |.  E8 559D0100 |CALL WaGan.0042D5F1                   ; \WaGan.0042D5F1
0041389C  |.  83C4 0C    |ADD ESP,0C
0041389F  |.  EB 1D       |JMP SHORT WaGan.004138BE
004138A1  |>  8B85 ECFBFFFF |MOV EAX,DWORD PTR SS:[EBP-414]
004138A7  |.  25 FFFF0000 |AND EAX,0FFFF
004138AC  |.  50          |PUSH EAX                               ; /Arg2
004138AD  |.  8D8D F0FBFFFF |LEA ECX,DWORD PTR SS:[EBP-410]       ; |
004138B3  |.  51          |PUSH ECX                               ; |Arg1
004138B4  |.  B9 F05D4B00 |MOV ECX,WaGan.004B5DF0                ; |
004138B9  |.  E8 9F5D0400 |CALL WaGan.0045965D                   ; \WaGan.0045965D
004138BE  |>  8B55 FC    |/MOV EDX,DWORD PTR SS:[EBP-4]
004138C1  |.  33C0       ||XOR EAX,EAX
004138C3  |.  8A02       ||MOV AL,BYTE PTR DS:[EDX]
004138C5  |.  85C0       ||TEST EAX,EAX
004138C7  |.  74 2F       ||JE SHORT WaGan.004138F8
004138C9  |.  8B4D FC    ||MOV ECX,DWORD PTR SS:[EBP-4]
004138CC  |.  33D2       ||XOR EDX,EDX
004138CE  |.  8A11       ||MOV DL,BYTE PTR DS:[ECX]
004138D0  |.  83FA 0A    ||CMP EDX,0A
004138D3  |.  75 18       ||JNZ SHORT WaGan.004138ED
004138D5  |.  8B45 FC    ||MOV EAX,DWORD PTR SS:[EBP-4]
004138D8  |.  33C9       ||XOR ECX,ECX
004138DA  |.  8A48 01    ||MOV CL,BYTE PTR DS:[EAX+1]
004138DD  |.  83F9 26    ||CMP ECX,26
004138E0  |.  75 0B       ||JNZ SHORT WaGan.004138ED
004138E2  |.  8B55 FC    ||MOV EDX,DWORD PTR SS:[EBP-4]
004138E5  |.  83C2 01    ||ADD EDX,1
004138E8  |.  8955 FC    ||MOV DWORD PTR SS:[EBP-4],EDX
004138EB  |.  EB 0B       ||JMP SHORT WaGan.004138F8
004138ED  |>  8B45 FC    ||MOV EAX,DWORD PTR SS:[EBP-4]
004138F0  |.  83C0 01    ||ADD EAX,1
004138F3  |.  8945 FC    ||MOV DWORD PTR SS:[EBP-4],EAX
004138F6  |.^ EB C6       |\JMP SHORT WaGan.004138BE
004138F8  |>  8B4D FC    |MOV ECX,DWORD PTR SS:[EBP-4]
004138FB  |.  33D2       |XOR EDX,EDX
004138FD  |.  8A11       |MOV DL,BYTE PTR DS:[ECX]
004138FF  |.  83FA 26    |CMP EDX,26
00413902  |.^ 0F84 98FDFFFF \JE WaGan.004136A0
00413908  |.  B8 01000000 MOV EAX,1
0041390D  |>  8BE5       MOV ESP,EBP
0041390F  |.  5D          POP EBP
00413910  \.  C3          RETN

出现头象代号的地方
0041E6E2       /$  55          PUSH EBP
0041E6E3       |.  8BEC       MOV EBP,ESP
0041E6E5       |.  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]
0041E6E8       |.  50          PUSH EAX
0041E6E9       |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
0041E6EC       |.  51          PUSH ECX       这个就是头相代号
0041E6ED       |.  B9 38C54A00 MOV ECX,WaGan.004AC538
0041E6F2       |.  E8 92150000 CALL WaGan.0041FC89
0041E6F7       |.  5D          POP EBP
0041E6F8       \.  C3          RETN

控制大小的地方

0041E8C7       |.  8B45 10    MOV EAX,DWORD PTR SS:[EBP+10]
0041E8CA       |.  50          PUSH EAX
0041E8CB       |.  6A 50       PUSH 50 高 78
0041E8CD       |.  6A 40       PUSH 40 宽 78
0041E8CF       |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]
0041E8D2       |.  51          PUSH ECX
0041E8D3       |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
0041E8D6       |.  52          PUSH EDX
0041E8D7       |.  E8 BFF70500 CALL WaGan.0047E09B
0041E8DC       |.  83C4 14    ADD ESP,14
0041E8DF       |.  5D          POP EBP

0C栈Data序号
08栈对话内容
说话函数
0042D5F1

画图的地方

0047C8A8  |.  53          PUSH EBX
0047C8A9  |.  57          PUSH EDI
0047C8AA  |.  FF75 0C    PUSH DWORD PTR SS:[EBP+C]
0047C8AD  |.  FF75 08    PUSH DWORD PTR SS:[EBP+8]
0047C8B0  |.  FF35 44D04B00 PUSH DWORD PTR DS:[4BD044]
0047C8B6  |.  E8 AB000000 CALL WaGan.0047C966
0047C8BB  |.  83C4 14    ADD ESP,14
0C栈Data序号
08栈对话内容
说话函数
0042D5F1  /$  55          PUSH EBP
0042D5F2  |.  8BEC       MOV EBP,ESP
0042D5F4  |.  81EC 68090000 SUB ESP,968
0042D5FA  |.  E8 23E3FDFF CALL WaGan.0040B922
0042D5FF  |.  85C0       TEST EAX,EAX
0042D601  |.  74 22       JE SHORT WaGan.0042D625
0042D603  |.  817D 0C 00040>CMP DWORD PTR SS:[EBP+C],400
0042D60A  |.  73 19       JNB SHORT WaGan.0042D625

0042D60C  |.  8B45 10    MOV EAX,DWORD PTR SS:[EBP+10]
0042D60F  |.  50          PUSH EAX
0042D610  |.  8B4D 0C    MOV ECX,DWORD PTR SS:[EBP+C]
0042D613  |.  51          PUSH ECX
0042D614  |.  8B55 08    MOV EDX,DWORD PTR SS:[EBP+8]
0042D617  |.  52          PUSH EDX
0042D618  |.  E8 50F5FFFF CALL WaGan.0042CB6D
0042D61D  |.  83C4 0C    ADD ESP,0C
0042D620  |.  E9 D9070000 JMP WaGan.0042DDFE

0042D625  |>  C785 ACF6FFFF>MOV DWORD PTR SS:[EBP-954],0
0042D62F  |.  C685 BCF6FFFF>MOV BYTE PTR SS:[EBP-944],0FF
0042D636  |.  C785 B0F6FFFF>MOV DWORD PTR SS:[EBP-950],0
0042D640  |.  B9 50424B00 MOV ECX,WaGan.004B4250
0042D645  |.  E8 21880200 CALL WaGan.00455E6B
0042D64A  |.  8945 E4    MOV DWORD PTR SS:[EBP-1C],EAX
0042D64D  |.  B9 50424B00 MOV ECX,WaGan.004B4250
0042D652  |.  E8 ED870200 CALL WaGan.00455E44
0042D657  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
0042D65A  |.  817D 0C 00040>CMP DWORD PTR SS:[EBP+C],400
0042D661  |.  73 14       JNB SHORT WaGan.0042D677
0042D663  |.  8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]
0042D666  |.  50          PUSH EAX
0042D667  |.  E8 F4E7FDFF CALL WaGan.0040BE60
0042D66C  |.  83C4 04    ADD ESP,4
0042D66F  |.  8985 A8F6FFFF MOV DWORD PTR SS:[EBP-958],EAX
0042D675  |.  EB 0A       JMP SHORT WaGan.0042D681
0042D677  |>  C785 A8F6FFFF>MOV DWORD PTR SS:[EBP-958],0
0042D681  |>  8B8D A8F6FFFF MOV ECX,DWORD PTR SS:[EBP-958]
0042D687  |.  898D CCF6FFFF MOV DWORD PTR SS:[EBP-934],ECX
0042D68D  |.  8B15 241B4B00 MOV EDX,DWORD PTR DS:[4B1B24]
0042D693  |.  3B95 CCF6FFFF CMP EDX,DWORD PTR SS:[EBP-934]
0042D699  |.  74 1D       JE SHORT WaGan.0042D6B8
0042D69B  |.  33C0       XOR EAX,EAX
0042D69D  |.  833D 1CC84800>CMP DWORD PTR DS:[48C81C],0
0042D6A4  |.  0F94C0       SETE AL
0042D6A7  |.  A3 1CC84800 MOV DWORD PTR DS:[48C81C],EAX
0042D6AC  |.  8B8D CCF6FFFF MOV ECX,DWORD PTR SS:[EBP-934]
0042D6B2  |.  890D 241B4B00 MOV DWORD PTR DS:[4B1B24],ECX
0042D6B8  |>  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
0042D6BC  |.  75 0A       JNZ SHORT WaGan.0042D6C8
0042D6BE  |.  C705 1CC84800>MOV DWORD PTR DS:[48C81C],1
0042D6C8  |>  817D 0C 00040>CMP DWORD PTR SS:[EBP+C],400
0042D6CF  |.  1BD2       SBB EDX,EDX
0042D6D1  |.  F7DA       NEG EDX
0042D6D3  |.  8955 DC    MOV DWORD PTR SS:[EBP-24],EDX
0042D6D6  |.  837D DC 00 CMP DWORD PTR SS:[EBP-24],0
0042D6DA  |.  0F84 C1000000 JE WaGan.0042D7A1
0042D6E0  |.  833D 1CC84800>CMP DWORD PTR DS:[48C81C],0
0042D6E7  |.  74 0C       JE SHORT WaGan.0042D6F5
0042D6E9  |.  C785 A4F6FFFF>MOV DWORD PTR SS:[EBP-95C],10 能控制左边的横坐标
0042D6F3  |.  EB 0E       JMP SHORT WaGan.0042D703

0042D6F5  |>  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
0042D6F8  |.  2D C0010000 SUB EAX,1C0 能控制右边的横坐标 -20E
0042D6FD  |.  8985 A4F6FFFF MOV DWORD PTR SS:[EBP-95C],EAX
0042D703  |>  8B8D A4F6FFFF MOV ECX,DWORD PTR SS:[EBP-95C]
0042D709  |.  898D B8F6FFFF MOV DWORD PTR SS:[EBP-948],ECX
0042D70F  |.  8B95 CCF6FFFF MOV EDX,DWORD PTR SS:[EBP-934]
0042D715  |.  52          PUSH EDX
0042D716  |.  E8 DDB2FFFF CALL WaGan.004289F8
0042D71B  |.  83C4 04    ADD ESP,4
0042D71E  |.  85C0       TEST EAX,EAX
0042D720  |.  74 2B       JE SHORT WaGan.0042D74D
0042D722  |.  8B85 CCF6FFFF MOV EAX,DWORD PTR SS:[EBP-934]
0042D728  |.  50          PUSH EAX
0042D729  |.  E8 CAB2FFFF CALL WaGan.004289F8
0042D72E  |.  83C4 04    ADD ESP,4
0042D731  |.  8B48 04    MOV ECX,DWORD PTR DS:[EAX+4]
0042D734  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX
0042D737  |.  8B95 CCF6FFFF MOV EDX,DWORD PTR SS:[EBP-934]
0042D73D  |.  52          PUSH EDX
0042D73E  |.  E8 B5B2FFFF CALL WaGan.004289F8
0042D743  |.  83C4 04    ADD ESP,4
0042D746  |.  8B00       MOV EAX,DWORD PTR DS:[EAX]
0042D748  |.  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
0042D74B  |.  EB 0E       JMP SHORT WaGan.0042D75B

0042D74D  |>  C745 EC 00000>MOV DWORD PTR SS:[EBP-14],0
0042D754  |.  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0042D75B  |>  8B4D E4    MOV ECX,DWORD PTR SS:[EBP-1C]
0042D75E  |.  83E9 28    SUB ECX,28
0042D761  |.  D1E9       SHR ECX,1
0042D763  |.  394D EC    CMP DWORD PTR SS:[EBP-14],ECX
0042D766  |.  7E 0C       JLE SHORT WaGan.0042D774
0042D768  |.  C785 B4F6FFFF>MOV DWORD PTR SS:[EBP-94C],38
能控制上方的纵坐标（去掉这里，改为允许出现头相）
0042D768 .  C605 BAF24C00>MOV BYTE PTR DS:[4CF2BA],1
0042D76F .  EB 03       JMP SHORT WaGan.0042D774

0042D772  |.  EB 2B       JMP SHORT WaGan.0042D79F

0042D774  |>  B9 386F4900 MOV ECX,WaGan.00496F38
0042D779  |.  E8 26C9FEFF CALL WaGan.0041A0A4
0042D77E  |.  85C0       TEST EAX,EAX
0042D780  |.  75 11       JNZ SHORT WaGan.0042D793
0042D782  |.  8B55 E4    MOV EDX,DWORD PTR SS:[EBP-1C]
0042D785  |.  81EA A2000000 SUB EDX,0A2 能控制下方的纵坐标
0042D78B  |.  8995 B4F6FFFF MOV DWORD PTR SS:[EBP-94C],EDX
0042D791  |.  EB 0C       JMP SHORT WaGan.0042D79F

0042D793  |>  8B45 E4    MOV EAX,DWORD PTR SS:[EBP-1C]
0042D796  |.  83E8 70    SUB EAX,70 能控制下方的纵坐标
0042D799  |.  8985 B4F6FFFF MOV DWORD PTR SS:[EBP-94C],EAX
0042D79F  |>  EB 22       JMP SHORT WaGan.0042D7C3

0042D7A1  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0042D7A4  |.  D1E9       SHR ECX,1
0042D7A6  |.  81E9 A0000000 SUB ECX,0A0
0042D7AC  |.  898D B8F6FFFF MOV DWORD PTR SS:[EBP-948],ECX
0042D7B2  |.  8B55 E4    MOV EDX,DWORD PTR SS:[EBP-1C]
0042D7B5  |.  83EA 5A    SUB EDX,5A
0042D7B8  |.  D1EA       SHR EDX,1
0042D7BA  |.  83EA 10    SUB EDX,10
0042D7BD  |.  8995 B4F6FFFF MOV DWORD PTR SS:[EBP-94C],EDX

0042D7C3  |>  8B45 10    MOV EAX,DWORD PTR SS:[EBP+10]
0042D7C6  |.  25 C0000000 AND EAX,0C0
0042D7CB  |.  C1E8 06    SHR EAX,6
0042D7CE  |.  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
0042D7D1  |.  8B4D 10    MOV ECX,DWORD PTR SS:[EBP+10]
0042D7D4  |.  83E1 10    AND ECX,10
0042D7D7  |.  F7D9       NEG ECX
0042D7D9  |.  1BC9       SBB ECX,ECX
0042D7DB  |.  F7D9       NEG ECX
0042D7DD  |.  898D C8F6FFFF MOV DWORD PTR SS:[EBP-938],ECX
0042D7E3  |.  8B55 DC    MOV EDX,DWORD PTR SS:[EBP-24]
0042D7E6  |.  F7DA       NEG EDX
0042D7E8  |.  1BD2       SBB EDX,EDX
0042D7EA  |.  83C2 04    ADD EDX,4
0042D7ED  |.  8995 D4F6FFFF MOV DWORD PTR SS:[EBP-92C],EDX
0042D7F3  |.  E8 5FEDFFFF CALL WaGan.0042C557
0042D7F8  |.  E8 DE0DFFFF CALL WaGan.0041E5DB
0042D7FD  |.  6A 04       PUSH 4
0042D7FF  |.  B9 382F4900 MOV ECX,WaGan.00492F38
0042D804  |.  E8 2D15FEFF CALL WaGan.0040ED36
0042D809  |.  6A 00       PUSH 0
0042D80B  |.  B9 382F4900 MOV ECX,WaGan.00492F38
0042D810  |.  E8 A714FEFF CALL WaGan.0040ECBC
0042D815  |.  837D DC 00 CMP DWORD PTR SS:[EBP-24],0
0042D819  |.  75 29       JNZ SHORT WaGan.0042D844 非0，则是有头相
0042D81B  |.  6A 00       PUSH 0 这个应该是没有头象的信息框
0042D81D  |.  68 90000000 PUSH 90
0042D822  |.  68 50010000 PUSH 150
0042D827  |.  8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C]
0042D82D  |.  50          PUSH EAX
0042D82E  |.  8B8D B8F6FFFF MOV ECX,DWORD PTR SS:[EBP-948]
0042D834  |.  51          PUSH ECX
0042D835  |.  B9 30694B00 MOV ECX,WaGan.004B6930
0042D83A  |.  E8 7C5D0400 CALL WaGan.004735BB
0042D83F  |.  E9 BD020000 JMP WaGan.0042DB01 调到画图处
0042D844  |>  8B95 CCF6FFFF MOV EDX,DWORD PTR SS:[EBP-934]
0042D84A  |.  52          PUSH EDX
0042D84B  |.  E8 19B2FFFF CALL WaGan.00428A69
0042D850  |.  83C4 04    ADD ESP,4
0042D853  |.  8985 C0F6FFFF MOV DWORD PTR SS:[EBP-940],EAX
0042D859  |.  81BD C0F6FFFF>CMP DWORD PTR SS:[EBP-940],0FF
0042D863  |.  0F84 AB000000 JE WaGan.0042D914                人物没有在地图上，不设置气泡
0042D869  |.  6A 00       PUSH 0
0042D86B  |.  6A 1F       PUSH 1F
0042D86D  |.  6A 04       PUSH 4
0042D86F  |.  E8 7DF90400 CALL WaGan.0047D1F1
0042D874  |.  83C4 0C    ADD ESP,0C
0042D877  |.  83BD C0F6FFFF>CMP DWORD PTR SS:[EBP-940],3
0042D87E  |.  75 0E       JNZ SHORT WaGan.0042D88E
0042D880  |.  8B45 F8    MOV EAX,DWORD PTR SS:[EBP-8]
0042D883  |.  83E8 10    SUB EAX,10
0042D886  |.  8985 A0F6FFFF MOV DWORD PTR SS:[EBP-960],EAX
0042D88C  |.  EB 0C       JMP SHORT WaGan.0042D89A
0042D88E  |>  8B4D F8    MOV ECX,DWORD PTR SS:[EBP-8]
0042D891  |.  83C1 28    ADD ECX,28
0042D894  |.  898D A0F6FFFF MOV DWORD PTR SS:[EBP-960],ECX
0042D89A  |>  8B95 A0F6FFFF MOV EDX,DWORD PTR SS:[EBP-960]
0042D8A0  |.  8995 B0F6FFFF MOV DWORD PTR SS:[EBP-950],EDX
0042D8A6  |.  8D85 DCF6FFFF LEA EAX,DWORD PTR SS:[EBP-924]
0042D8AC  |.  50          PUSH EAX
0042D8AD  |.  6A 18       PUSH 18
0042D8AF  |.  6A 18       PUSH 18
0042D8B1  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0042D8B4  |.  83E9 10    SUB ECX,10
0042D8B7  |.  51          PUSH ECX
0042D8B8  |.  8B95 B0F6FFFF MOV EDX,DWORD PTR SS:[EBP-950]
0042D8BE  |.  52          PUSH EDX
0042D8BF  |.  E8 8D090500 CALL WaGan.0047E251
0042D8C4  |.  83C4 14    ADD ESP,14
0042D8C7  |.  6A 04       PUSH 4
0042D8C9  |.  6A 00       PUSH 0
0042D8CB  |.  68 40080000 PUSH 840
0042D8D0  |.  B9 50EB4A00 MOV ECX,WaGan.004AEB50
0042D8D5  |.  E8 66210500 CALL WaGan.0047FA40
0042D8DA  |.  8B8D C0F6FFFF MOV ECX,DWORD PTR SS:[EBP-940]
0042D8E0  |.  83E9 01    SUB ECX,1
0042D8E3  |.  F7D9       NEG ECX
0042D8E5  |.  1BC9       SBB ECX,ECX
0042D8E7  |.  81E1 40020000 AND ECX,240
0042D8ED  |.  03C1       ADD EAX,ECX
0042D8EF  |.  50          PUSH EAX
0042D8F0  |.  6A 18       PUSH 18 设置4b7c20
0042D8F2  |.  6A 18       PUSH 18 设置4b7a90
0042D8F4  |.  8B55 EC    MOV EDX,DWORD PTR SS:[EBP-14]
0042D8F7  |.  83EA 10    SUB EDX,10
0042D8FA  |.  52          PUSH EDX
0042D8FB  |.  8B85 B0F6FFFF MOV EAX,DWORD PTR SS:[EBP-950]
0042D901  |.  50          PUSH EAX
0042D902  |.  E8 94070500 CALL WaGan.0047E09B 设置头相气泡的
0042D907  |.  83C4 14    ADD ESP,14
0042D90A  |.  C785 ACF6FFFF>MOV DWORD PTR SS:[EBP-954],1

0042D914  |>  6A 00       PUSH 0
0042D916  |.  6A 60       PUSH 60 底色的高 -4  64
0042D918  |.  68 B0010000 PUSH 1B0 底色的宽 -4  1B4
0042D91D  |.  8B8D B4F6FFFF MOV ECX,DWORD PTR SS:[EBP-94C]
0042D923  |.  51          PUSH ECX 底色的纵坐标  +1
0042D924  |.  8B95 B8F6FFFF MOV EDX,DWORD PTR SS:[EBP-948]          底色的横坐标  +1
0042D92A  |.  52          PUSH EDX
0042D92B  |.  B9 30694B00 MOV ECX,WaGan.004B6930
0042D930  |.  E8 865C0400 CALL WaGan.004735BB 底色和白色，头相无关
CALL 004D41DE改成Call重写的函数了，没有底的
0042D935  |.  6A 00       PUSH 0
0042D937  |.  6A 1F       PUSH 1F
0042D939  |.  6A 04       PUSH 4 这个改成8，头相根本就不出现了
0042D93B  |.  E8 B1F80400 CALL WaGan.0047D1F1
0042D940  |.  83C4 0C    ADD ESP,0C

0042D943  |.  8B8D CCF6FFFF MOV ECX,DWORD PTR SS:[EBP-934]
0042D949  |.  E8 599CFDFF CALL WaGan.004075A7

0042D94E  |.  50          PUSH EAX 这个就是头相的代号
0042D94F  |.  8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C]
0042D955  |.  83C0 08    ADD EAX,8                               头相纵坐标+8
0042D958  |.  50          PUSH EAX
0042D959  |.  8B0D 1CC84800 MOV ECX,DWORD PTR DS:[48C81C]
0042D95F  |.  F7D9       NEG ECX
0042D961  |.  1BC9       SBB ECX,ECX
0042D963  |.  81E1 A0FEFFFF AND ECX,FFFFFEA0
0042D969  |.  81C1 68010000 ADD ECX,168
0042D96F  |.  8B95 B8F6FFFF MOV EDX,DWORD PTR SS:[EBP-948]
0042D975  |.  03D1       ADD EDX,ECX
0042D977  |.  52          PUSH EDX                            头相横坐标+168
0042D978  |.  E8 640FFFFF CALL WaGan.0041E8E1 这个在加载头象
0042D97D  |.  83C4 0C    ADD ESP,0C
上面这段改成LoadImage了，并且调用也有改（00413897  |.  E8 559D0100 |CALL WaGan.0042D5F1）
0042D959    E8 93FCFFFF CALL WaGan.0042D5F1
0042D95E    C605 BAF24C00>MOV BYTE PTR DS:[4CF2BA],0
0042D965 ^ E9 325FFEFF JMP WaGan.0041389C

0042D980  |.  6A 3A       PUSH 3A 蓝色
0042D982  |.  B9 382F4900 MOV ECX,WaGan.00492F38
0042D987  |.  E8 F812FEFF CALL WaGan.0040EC84 名字的颜色显示

0042D98C  |.  8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C]
0042D992  |.  83C0 06    ADD EAX,6 名字纵坐标+6 +0D
0042D995  |.  50          PUSH EAX
0042D996  |.  8B0D 1CC84800 MOV ECX,DWORD PTR DS:[48C81C]
0042D99C  |.  F7D9       NEG ECX
0042D99E  |.  1BC9       SBB ECX,ECX
0042D9A0  |.  83E1 50    AND ECX,50
0042D9A3  |.  83C1 10    ADD ECX,10
0042D9A6  |.  8B85 B8F6FFFF MOV EAX,DWORD PTR SS:[EBP-948]
0042D9AC  |.  03C1       ADD EAX,ECX                   名字横坐标
0042D9AE  |.  99          CDQ
0042D9AF  |.  83E2 07    AND EDX,7
0042D9B2  |.  03C2       ADD EAX,EDX
0042D9B4  |.  C1F8 03    SAR EAX,3
0042D9B7  |.  50          PUSH EAX
0042D9B8  |.  B9 382F4900 MOV ECX,WaGan.00492F38
0042D9BD  |.  E8 1512FEFF CALL WaGan.0040EBD7
0042D9C2  |.  8B8D CCF6FFFF MOV ECX,DWORD PTR SS:[EBP-934]
0042D9C8  |.  E8 8A9DFDFF CALL WaGan.00407757

0042D9CD  |.  50          PUSH EAX
0042D9CE  |.  68 2CC84800 PUSH WaGan.0048C82C
0042D9D3  |.  68 382F4900 PUSH WaGan.00492F38
0042D9D8  |.  E8 C320FEFF CALL WaGan.0040FAA0
0042D9DD  |.  83C4 0C    ADD ESP,0C

0042D9E0  |.  6A 12       PUSH 12
0042D9E2  |.  6A 00       PUSH 0
0042D9E4  |.  6A 40       PUSH 40 高度
0042D9E6  |.  68 20010000 PUSH 120
0042D9EB  |.  8B95 B4F6FFFF MOV EDX,DWORD PTR SS:[EBP-94C]    对话框白色部分的中间处的纵坐标
0042D9F1  |.  83C2 1A    ADD EDX,1A
0042D9F4  |.  52          PUSH EDX
0042D9F5  |.  A1 1CC84800 MOV EAX,DWORD PTR DS:[48C81C]
0042D9FA  |.  F7D8       NEG EAX
0042D9FC  |.  1BC0       SBB EAX,EAX
0042D9FE  |.  83E0 50    AND EAX,50
0042DA01  |.  83C0 20    ADD EAX,20
0042DA04  |.  8B8D B8F6FFFF MOV ECX,DWORD PTR SS:[EBP-948] 横坐标
0042DA0A  |.  03C8       ADD ECX,EAX
0042DA0C  |.  51          PUSH ECX
0042DA0D  |.  E8 910CFFFF CALL WaGan.0041E6A3

0042DA12  |.  83C4 18    ADD ESP,18

-------------------------------------------------------------------------------------------------------
0042DA15  |.  6A 00       PUSH 0
0042DA17  |.  6A 1F       PUSH 1F
0042DA19  |.  6A 04       PUSH 4
0042DA1B  |.  E8 D1F70400 CALL WaGan.0047D1F1
0042DA20  |.  83C4 0C    ADD ESP,0C
0042DA23  |.  6A 04       PUSH 4
0042DA25  |.  6A 00       PUSH 0
0042DA27  |.  8B15 1CC84800 MOV EDX,DWORD PTR DS:[48C81C]
0042DA2D  |.  F7DA       NEG EDX
0042DA2F  |.  1BD2       SBB EDX,EDX
0042DA31  |.  80E2 00    AND DL,0
0042DA34  |.  81C2 C0990100 ADD EDX,199C0
0042DA3A  |.  52          PUSH EDX
0042DA3B  |.  B9 50EB4A00 MOV ECX,WaGan.004AEB50
0042DA40  |.  E8 FB1F0500 CALL WaGan.0047FA40

0042DA45  |.  50          PUSH EAX
0042DA46  |.  6A 10       PUSH 10
0042DA48  |.  6A 10       PUSH 10
0042DA4A  |.  8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C]          尖角的纵坐标
0042DA50  |.  83C0 3C    ADD EAX,3C
0042DA53  |.  50          PUSH EAX
0042DA54  |.  8B0D 1CC84800 MOV ECX,DWORD PTR DS:[48C81C]
0042DA5A  |.  F7D9       NEG ECX
0042DA5C  |.  1BC9       SBB ECX,ECX
0042DA5E  |.  80E1 00    AND CL,0
0042DA61  |.  81C1 50010000 ADD ECX,150
0042DA67  |.  8B95 B8F6FFFF MOV EDX,DWORD PTR SS:[EBP-948] 尖角的横坐标
0042DA6D  |.  03D1       ADD EDX,ECX
0042DA6F  |.  52          PUSH EDX
0042DA70  |.  E8 26060500 CALL WaGan.0047E09B
0042DA75  |.  83C4 14    ADD ESP,14
0042DA78  |.  6A 04       PUSH 4
0042DA7A  |.  6A 00       PUSH 0
0042DA7C  |.  68 C09A0100 PUSH 19AC0
0042DA81  |.  B9 50EB4A00 MOV ECX,WaGan.004AEB50
0042DA86  |.  E8 B51F0500 CALL WaGan.0047FA40

开始调用Mark的了

0042DA8B  |.  50          PUSH EAX
0042DA8C  |.  6A 40       PUSH 40
0042DA8E  |.  6A 10       PUSH 10
0042DA90  |.  8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C] 对话框里左边的白色部分纵坐标
0042DA96  |.  83C0 1A    ADD EAX,1A
0042DA99  |.  50          PUSH EAX
0042DA9A  |.  8B0D 1CC84800 MOV ECX,DWORD PTR DS:[48C81C]
0042DAA0  |.  F7D9       NEG ECX
0042DAA2  |.  1BC9       SBB ECX,ECX
0042DAA4  |.  83E1 50    AND ECX,50
0042DAA7  |.  83C1 10    ADD ECX,10
0042DAAA  |.  8B95 B8F6FFFF MOV EDX,DWORD PTR SS:[EBP-948] 横坐标
0042DAB0  |.  03D1       ADD EDX,ECX
0042DAB2  |.  52          PUSH EDX
0042DAB3  |.  E8 E3050500 CALL WaGan.0047E09B
0042DAB8  |.  83C4 14    ADD ESP,14

=======================================================================

0042DABB  |.  6A 04       PUSH 4
0042DABD  |.  6A 00       PUSH 0
0042DABF  |.  68 C09E0100 PUSH 19EC0
0042DAC4  |.  B9 50EB4A00 MOV ECX,WaGan.004AEB50
0042DAC9  |.  E8 721F0500 CALL WaGan.0047FA40

=======================================================================

0042DACE  |.  50          PUSH EAX
0042DACF  |.  6A 40       PUSH 40
0042DAD1  |.  6A 10       PUSH 10
0042DAD3  |.  8B85 B4F6FFFF MOV EAX,DWORD PTR SS:[EBP-94C] 对话框右半边部分
0042DAD9  |.  83C0 1A    ADD EAX,1A
0042DADC  |.  50          PUSH EAX
0042DADD  |.  8B0D 1CC84800 MOV ECX,DWORD PTR DS:[48C81C]
0042DAE3  |.  F7D9       NEG ECX
0042DAE5  |.  1BC9       SBB ECX,ECX
0042DAE7  |.  83E1 50    AND ECX,50
0042DAEA  |.  81C1 40010000 ADD ECX,140
0042DAF0  |.  8B95 B8F6FFFF MOV EDX,DWORD PTR SS:[EBP-948] 横坐标
0042DAF6  |.  03D1       ADD EDX,ECX
0042DAF8  |.  52          PUSH EDX
0042DAF9  |.  E8 9D050500 CALL WaGan.0047E09B
0042DAFE  |.  83C4 14    ADD ESP,14

0042DB01  |>  E8 F00AFFFF CALL WaGan.0041E5F6 画图

0042DB06  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]    文字部分
0042DB09  |.  8945 F0    MOV DWORD PTR SS:[EBP-10],EAX
0042DB0C  |.  C745 E8 01000>MOV DWORD PTR SS:[EBP-18],1
0042DB13  |.  B9 70074B00 MOV ECX,WaGan.004B0770
0042DB18  |.  E8 13E8FEFF CALL WaGan.0041C330
0042DB1D  |.  8885 D0F6FFFF MOV BYTE PTR SS:[EBP-930],AL
0042DB23  |.  8B8D D0F6FFFF MOV ECX,DWORD PTR SS:[EBP-930]
0042DB29  |.  81E1 FF000000 AND ECX,0FF
0042DB2F  |.  F7D9       NEG ECX
0042DB31  |.  1BC9       SBB ECX,ECX
0042DB33  |.  F7D9       NEG ECX
0042DB35  |.  898D C4F6FFFF MOV DWORD PTR SS:[EBP-93C],ECX
0042DB3B  |.  B9 70074B00 MOV ECX,WaGan.004B0770
0042DB40  |.  E8 CBCDFFFF CALL WaGan.0042A910
0042DB45  |.  25 00080000 AND EAX,800
0042DB4A  |.  85C0       TEST EAX,EAX
0042DB4C  |.  74 07       JE SHORT WaGan.0042DB55
0042DB4E  |.  C685 D0F6FFFF>MOV BYTE PTR SS:[EBP-930],3
0042DB55  |>  8B55 F0    /MOV EDX,DWORD PTR SS:[EBP-10]
0042DB58  |.  33C0       |XOR EAX,EAX
0042DB5A  |.  8A02       |MOV AL,BYTE PTR DS:[EDX]
0042DB5C  |.  85C0       |TEST EAX,EAX
0042DB5E  |.  0F84 1D020000 |JE WaGan.0042DD81
0042DB64  |.  8B4D DC    |MOV ECX,DWORD PTR SS:[EBP-24]
0042DB67  |.  F7D9       |NEG ECX
0042DB69  |.  1BC9       |SBB ECX,ECX
0042DB6B  |.  83E1 0A    |AND ECX,0A
0042DB6E  |.  83C1 14    |ADD ECX,14
0042DB71  |.  898D D8F6FFFF |MOV DWORD PTR SS:[EBP-928],ECX
0042DB77  |.  837D E8 00 |CMP DWORD PTR SS:[EBP-18],0
0042DB7B  |.  75 6D       |JNZ SHORT WaGan.0042DBEA
0042DB7D  |.  E8 590AFFFF |CALL WaGan.0041E5DB
0042DB82  |.  837D DC 00 |CMP DWORD PTR SS:[EBP-24],0
0042DB86  |.  74 37       |JE SHORT WaGan.0042DBBF
0042DB88  |.  6A 12       |PUSH 12
0042DB8A  |.  6A 00       |PUSH 0
0042DB8C  |.  6A 40       |PUSH 40
0042DB8E  |.  68 20010000 |PUSH 120
0042DB93  |.  8B95 B4F6FFFF |MOV EDX,DWORD PTR SS:[EBP-94C]
0042DB99  |.  83C2 1A    |ADD EDX,1A
0042DB9C  |.  52          |PUSH EDX
0042DB9D  |.  A1 1CC84800 |MOV EAX,DWORD PTR DS:[48C81C]
0042DBA2  |.  F7D8       |NEG EAX
0042DBA4  |.  1BC0       |SBB EAX,EAX
0042DBA6  |.  83E0 50    |AND EAX,50
0042DBA9  |.  83C0 20    |ADD EAX,20
0042DBAC  |.  8B8D B8F6FFFF |MOV ECX,DWORD PTR SS:[EBP-948]
0042DBB2  |.  03C8       |ADD ECX,EAX
0042DBB4  |.  51          |PUSH ECX
0042DBB5  |.  E8 E90AFFFF |CALL WaGan.0041E6A3
0042DBBA  |.  83C4 18    |ADD ESP,18
0042DBBD  |.  EB 26       |JMP SHORT WaGan.0042DBE5
0042DBBF  |>  6A 00       |PUSH 0
0042DBC1  |.  6A 00       |PUSH 0
0042DBC3  |.  68 90000000 |PUSH 90
0042DBC8  |.  68 50010000 |PUSH 150
0042DBCD  |.  8B95 B4F6FFFF |MOV EDX,DWORD PTR SS:[EBP-94C]
0042DBD3  |.  52          |PUSH EDX
0042DBD4  |.  8B85 B8F6FFFF |MOV EAX,DWORD PTR SS:[EBP-948]
0042DBDA  |.  50          |PUSH EAX
0042DBDB  |.  B9 30694B00 |MOV ECX,WaGan.004B6930
0042DBE0  |.  E8 1D560400 |CALL WaGan.00473202

0042DBE5  |>  E8 0C0AFFFF |CALL WaGan.0041E5F6          画图
0042DBEA  |>  6A 00       |PUSH 0
0042DBEC  |.  6A 00       |PUSH 0
0042DBEE  |.  68 02020000 |PUSH 202
0042DBF3  |.  8B0D 686A4B00 |MOV ECX,DWORD PTR DS:[4B6A68]
0042DBF9  |.  51          |PUSH ECX
0042DBFA  |.  FF15 F4624800 |CALL DWORD PTR DS:[<&USER32.SendMessage>
0042DC00  |.  837D DC 00 |CMP DWORD PTR SS:[EBP-24],0
0042DC04  |.  74 0E       |JE SHORT WaGan.0042DC14
0042DC06  |.  6A 1F       |PUSH 1F
0042DC08  |.  B9 382F4900 |MOV ECX,WaGan.00492F38
0042DC0D  |.  E8 7210FEFF |CALL WaGan.0040EC84 设置字体颜色
0042DC12  |.  EB 0F       |JMP SHORT WaGan.0042DC23
0042DC14  |>  68 AC000000 |PUSH 0AC
0042DC19  |.  B9 382F4900 |MOV ECX,WaGan.00492F38
0042DC1E  |.  E8 6110FEFF |CALL WaGan.0040EC84 设置字体颜色

0042DC23  |>  C645 E0 00 |MOV BYTE PTR SS:[EBP-20],0
0042DC27  |.  EB 09       |JMP SHORT WaGan.0042DC32
0042DC29  |>  8A55 E0    |/MOV DL,BYTE PTR SS:[EBP-20]
0042DC2C  |.  80C2 01    ||ADD DL,1
0042DC2F  |.  8855 E0    ||MOV BYTE PTR SS:[EBP-20],DL
0042DC32  |>  8B45 F0    | MOV EAX,DWORD PTR SS:[EBP-10]
0042DC35  |.  33C9       ||XOR ECX,ECX
0042DC37  |.  8A08       ||MOV CL,BYTE PTR DS:[EAX]
0042DC39  |.  85C9       ||TEST ECX,ECX
0042DC3B  |.  0F84 C4000000 ||JE WaGan.0042DD05
0042DC41  |.  8B55 E0    ||MOV EDX,DWORD PTR SS:[EBP-20]
0042DC44  |.  81E2 FF000000 ||AND EDX,0FF
0042DC4A  |.  3B95 D4F6FFFF ||CMP EDX,DWORD PTR SS:[EBP-92C]
0042DC50  |.  0F8D AF000000 ||JGE WaGan.0042DD05
0042DC56  |.  837D DC 00 ||CMP DWORD PTR SS:[EBP-24],0
0042DC5A  |.  74 5A       ||JE SHORT WaGan.0042DCB6
0042DC5C  |.  8B85 C4F6FFFF ||MOV EAX,DWORD PTR SS:[EBP-93C]
0042DC62  |.  50          ||PUSH EAX
0042DC63  |.  8B4D F0    ||MOV ECX,DWORD PTR SS:[EBP-10]
0042DC66  |.  51          ||PUSH ECX
0042DC67  |.  8B95 B4F6FFFF ||MOV EDX,DWORD PTR SS:[EBP-94C]
0042DC6D  |.  0395 D8F6FFFF ||ADD EDX,DWORD PTR SS:[EBP-928]
0042DC73  |.  52          ||PUSH EDX
0042DC74  |.  A1 1CC84800 ||MOV EAX,DWORD PTR DS:[48C81C]
0042DC79  |.  F7D8       ||NEG EAX
0042DC7B  |.  1BC0       ||SBB EAX,EAX
0042DC7D  |.  83E0 50    ||AND EAX,50
0042DC80  |.  83C0 20    ||ADD EAX,20 对话的横坐标
0042DC83  |.  8B8D B8F6FFFF ||MOV ECX,DWORD PTR SS:[EBP-948]
0042DC89  |.  03C1       ||ADD EAX,ECX
0042DC8B  |.  99          ||CDQ
0042DC8C  |.  83E2 07    ||AND EDX,7
0042DC8F  |.  03C2       ||ADD EAX,EDX
0042DC91  |.  C1F8 03    ||SAR EAX,3
0042DC94  |.  50          ||PUSH EAX
0042DC95  |.  E8 16ECFFFF ||CALL WaGan.0042C8B0 显示字体
0042DC9A  |.  83C4 10    ||ADD ESP,10
0042DC9D  |.  8B55 F0    ||MOV EDX,DWORD PTR SS:[EBP-10]
0042DCA0  |.  03D0       ||ADD EDX,EAX
0042DCA2  |.  8955 F0    ||MOV DWORD PTR SS:[EBP-10],EDX
0042DCA5  |.  8B85 D8F6FFFF ||MOV EAX,DWORD PTR SS:[EBP-928]
0042DCAB  |.  83C0 14    ||ADD EAX,14
0042DCAE  |.  8985 D8F6FFFF ||MOV DWORD PTR SS:[EBP-928],EAX
0042DCB4  |.  EB 4A       ||JMP SHORT WaGan.0042DD00
0042DCB6  |>  8B8D C4F6FFFF ||MOV ECX,DWORD PTR SS:[EBP-93C]
0042DCBC  |.  51          ||PUSH ECX
0042DCBD  |.  8B55 F0    ||MOV EDX,DWORD PTR SS:[EBP-10]
0042DCC0  |.  52          ||PUSH EDX
0042DCC1  |.  8B85 B4F6FFFF ||MOV EAX,DWORD PTR SS:[EBP-94C]
0042DCC7  |.  0385 D8F6FFFF ||ADD EAX,DWORD PTR SS:[EBP-928]
0042DCCD  |.  50          ||PUSH EAX
0042DCCE  |.  8B85 B8F6FFFF ||MOV EAX,DWORD PTR SS:[EBP-948]
0042DCD4  |.  83C0 18    ||ADD EAX,18
0042DCD7  |.  99          ||CDQ
0042DCD8  |.  83E2 07    ||AND EDX,7
0042DCDB  |.  03C2       ||ADD EAX,EDX
0042DCDD  |.  C1F8 03    ||SAR EAX,3
0042DCE0  |.  50          ||PUSH EAX
0042DCE1  |.  E8 CAEBFFFF ||CALL WaGan.0042C8B0
0042DCE6  |.  83C4 10    ||ADD ESP,10
0042DCE9  |.  8B4D F0    ||MOV ECX,DWORD PTR SS:[EBP-10]
0042DCEC  |.  03C8       ||ADD ECX,EAX
0042DCEE  |.  894D F0    ||MOV DWORD PTR SS:[EBP-10],ECX
0042DCF1  |.  8B95 D8F6FFFF ||MOV EDX,DWORD PTR SS:[EBP-928]
0042DCF7  |.  83C2 1E    ||ADD EDX,1E
0042DCFA  |.  8995 D8F6FFFF ||MOV DWORD PTR SS:[EBP-928],EDX
0042DD00  |>^ E9 24FFFFFF |\JMP WaGan.0042DC29

0042DD05  |>  B9 B07F4900 |MOV ECX,WaGan.00497FB0
0042DD0A  |.  E8 5783FFFF |CALL WaGan.00426066
0042DD0F  |.  6A 00       |PUSH 0
0042DD11  |.  6A 00       |PUSH 0
0042DD13  |.  68 02020000 |PUSH 202
0042DD18  |.  A1 686A4B00 |MOV EAX,DWORD PTR DS:[4B6A68]
0042DD1D  |.  50          |PUSH EAX
0042DD1E  |.  FF15 F4624800 |CALL DWORD PTR DS:[<&USER32.SendMessage>
0042DD24  |.  8B8D D0F6FFFF |MOV ECX,DWORD PTR SS:[EBP-930]
0042DD2A  |.  81E1 FF000000 |AND ECX,0FF
0042DD30  |.  898D 9CF6FFFF |MOV DWORD PTR SS:[EBP-964],ECX
0042DD36  |.  83BD 9CF6FFFF>|CMP DWORD PTR SS:[EBP-964],3
0042DD3D  |.  77 36       |JA SHORT WaGan.0042DD75
0042DD3F  |.  8B95 9CF6FFFF |MOV EDX,DWORD PTR SS:[EBP-964]
0042DD45  |.  FF2495 02DE42>|JMP DWORD PTR DS:[EDX*4+42DE02]

0042DD4C  |>  6A 0F       |PUSH 0F
0042DD4E  |.  E8 F3E8FFFF |CALL WaGan.0042C646
0042DD53  |.  83C4 04    |ADD ESP,4
0042DD56  |.  EB 1D       |JMP SHORT WaGan.0042DD75

0042DD58  |>  6A 0A       |PUSH 0A
0042DD5A  |.  E8 E7E8FFFF |CALL WaGan.0042C646
0042DD5F  |.  83C4 04    |ADD ESP,4
0042DD62  |.  EB 11       |JMP SHORT WaGan.0042DD75

0042DD64  |>  6A 14       |PUSH 14
0042DD66  |.  E8 DBE8FFFF |CALL WaGan.0042C646
0042DD6B  |.  83C4 04    |ADD ESP,4
0042DD6E  |.  EB 05       |JMP SHORT WaGan.0042DD75

0042DD70  |>  E8 BEE9FFFF |CALL WaGan.0042C733
0042DD75  |>  C745 E8 00000>|MOV DWORD PTR SS:[EBP-18],0
0042DD7C  |.^ E9 D4FDFFFF \JMP WaGan.0042DB55

0042DD81  |>  B9 B07F4900 MOV ECX,WaGan.00497FB0
0042DD86  |.  E8 DB82FFFF CALL WaGan.00426066
0042DD8B  |.  B9 30694B00 MOV ECX,WaGan.004B6930
0042DD90  |.  E8 8E580400 CALL WaGan.00473623
0042DD95  |.  83BD ACF6FFFF>CMP DWORD PTR SS:[EBP-954],0
0042DD9C  |.  74 21       JE SHORT WaGan.0042DDBF
0042DD9E  |.  8D85 DCF6FFFF LEA EAX,DWORD PTR SS:[EBP-924]
0042DDA4  |.  50          PUSH EAX
0042DDA5  |.  6A 18       PUSH 18
0042DDA7  |.  6A 18       PUSH 18
0042DDA9  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]
0042DDAC  |.  83E9 10    SUB ECX,10
0042DDAF  |.  51          PUSH ECX
0042DDB0  |.  8B95 B0F6FFFF MOV EDX,DWORD PTR SS:[EBP-950]
0042DDB6  |.  52          PUSH EDX
0042DDB7  |.  E8 DF020500 CALL WaGan.0047E09B
0042DDBC  |.  83C4 14    ADD ESP,14
0042DDBF  |>  8B85 BCF6FFFF MOV EAX,DWORD PTR SS:[EBP-944]
0042DDC5  |.  25 FF000000 AND EAX,0FF
0042DDCA  |.  3D FF000000 CMP EAX,0FF
0042DDCF  |.  74 1D       JE SHORT WaGan.0042DDEE
0042DDD1  |.  8B8D BCF6FFFF MOV ECX,DWORD PTR SS:[EBP-944]
0042DDD7  |.  81E1 FF000000 AND ECX,0FF
0042DDDD  |.  83F9 01    CMP ECX,1
0042DDE0  |.  74 0C       JE SHORT WaGan.0042DDEE
0042DDE2  |.  C785 98F6FFFF>MOV DWORD PTR SS:[EBP-968],0
0042DDEC  |.  EB 0A       JMP SHORT WaGan.0042DDF8
0042DDEE  |>  C785 98F6FFFF>MOV DWORD PTR SS:[EBP-968],1
0042DDF8  |>  8B85 98F6FFFF MOV EAX,DWORD PTR SS:[EBP-968]
0042DDFE  |>  8BE5       MOV ESP,EBP
0042DE00  |.  5D          POP EBP
0042DE01  \.  C3          RETN
0042DE02 .  4CDD4200    DD WaGan.0042DD4C
0042DE06 .  58DD4200    DD WaGan.0042DD58
0042DE0A .  64DD4200    DD WaGan.0042DD64
0042DE0E .  70DD4200    DD WaGan.0042DD70

004073B8  /$  55          PUSH EBP
004073B9  |.  8BEC       MOV EBP,ESP
004073BB  |.  83EC 18    SUB ESP,18
004073BE  |.  894D E8    MOV DWORD PTR SS:[EBP-18],ECX
004073C1  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004073C4  |.  E8 37210000 CALL WaGan.00409500
004073C9  |.  8945 F4    MOV DWORD PTR SS:[EBP-C],EAX
004073CC  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
004073CF  |.  25 FF000000 AND EAX,0FF
004073D4  |.  B9 FF000000 MOV ECX,0FF
004073D9  |.  2BC8       SUB ECX,EAX
004073DB  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
004073DE  |.  33C0       XOR EAX,EAX
004073E0  |.  8A42 2C    MOV AL,BYTE PTR DS:[EDX+2C]
004073E3  |.  3BC8       CMP ECX,EAX
004073E5  |.  73 12       JNB SHORT WaGan.004073F9
004073E7  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004073EA  |.  33D2       XOR EDX,EDX
004073EC  |.  8A51 2C    MOV DL,BYTE PTR DS:[ECX+2C]
004073EF  |.  B8 FF000000 MOV EAX,0FF
004073F4  |.  2BC2       SUB EAX,EDX
004073F6  |.  8845 08    MOV BYTE PTR SS:[EBP+8],AL
004073F9  |>  C645 F0 00 MOV BYTE PTR SS:[EBP-10],0
004073FD  |.  EB 09       JMP SHORT WaGan.00407408
004073FF  |>  8A4D F0    /MOV CL,BYTE PTR SS:[EBP-10]
00407402  |.  80C1 01    |ADD CL,1
00407405  |.  884D F0    |MOV BYTE PTR SS:[EBP-10],CL
00407408  |>  8B55 F0       MOV EDX,DWORD PTR SS:[EBP-10]
0040740B  |.  81E2 FF000000 |AND EDX,0FF
00407411  |.  83FA 07    |CMP EDX,7
00407414  |.  0F8D 94000000 |JGE WaGan.004074AE
0040741A  |.  8B45 F0    |MOV EAX,DWORD PTR SS:[EBP-10]
0040741D  |.  25 FF000000 |AND EAX,0FF
00407422  |.  50          |PUSH EAX                               ; /Arg1
00407423  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]          ; |
00407426  |.  33D2       |XOR EDX,EDX                            ; |
00407428  |.  8A51 2B    |MOV DL,BYTE PTR DS:[ECX+2B]          ; |
0040742B  |.  8BCA       |MOV ECX,EDX                            ; |
0040742D  |.  6BC9 1B    |IMUL ECX,ECX,1B                      ; |
00407430  |.  81C1 A0BF4A00 |ADD ECX,WaGan.004ABFA0                ; |
00407436  |.  E8 65210000 |CALL WaGan.004095A0                   ; \WaGan.004095A0
0040743B  |.  25 FF000000 |AND EAX,0FF
00407440  |.  8945 FC    |MOV DWORD PTR SS:[EBP-4],EAX
00407443  |.  8B45 F0    |MOV EAX,DWORD PTR SS:[EBP-10]
00407446  |.  25 FF000000 |AND EAX,0FF
0040744B  |.  83F8 04    |CMP EAX,4
0040744E  |.  7F 21       |JG SHORT WaGan.00407471
00407450  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
00407453  |.  81E1 FF000000 |AND ECX,0FF
00407459  |.  51          |PUSH ECX
0040745A  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
0040745D  |.  E8 9AFEFFFF |CALL WaGan.004072FC
00407462  |.  25 FF000000 |AND EAX,0FF
00407467  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
0040746A  |.  03D0       |ADD EDX,EAX
0040746C  |.  D1EA       |SHR EDX,1
0040746E  |.  8955 FC    |MOV DWORD PTR SS:[EBP-4],EDX
00407471  |>  837D FC 00 |CMP DWORD PTR SS:[EBP-4],0
00407475  |.  74 32       |JE SHORT WaGan.004074A9
00407477  |.  C745 EC 00000>|MOV DWORD PTR SS:[EBP-14],0
0040747E  |.  EB 09       |JMP SHORT WaGan.00407489
00407480  |>  8B45 EC    |/MOV EAX,DWORD PTR SS:[EBP-14]
00407483  |.  83C0 01    ||ADD EAX,1
00407486  |.  8945 EC    ||MOV DWORD PTR SS:[EBP-14],EAX
00407489  |>  8B4D 08    | MOV ECX,DWORD PTR SS:[EBP+8]
0040748C  |.  81E1 FF000000 ||AND ECX,0FF
00407492  |.  394D EC    ||CMP DWORD PTR SS:[EBP-14],ECX
00407495  |.  7D 12       ||JGE SHORT WaGan.004074A9
00407497  |.  8B55 FC    ||MOV EDX,DWORD PTR SS:[EBP-4]
0040749A  |.  52          ||PUSH EDX                            ; /Arg2
0040749B  |.  8A45 F0    ||MOV AL,BYTE PTR SS:[EBP-10]          ; |
0040749E  |.  50          ||PUSH EAX                            ; |Arg1
0040749F  |.  8B4D E8    ||MOV ECX,DWORD PTR SS:[EBP-18]       ; |
004074A2  |.  E8 70F9FFFF ||CALL WaGan.00406E17                   ; \WaGan.00406E17
004074A7  |.^ EB D7       |\JMP SHORT WaGan.00407480
004074A9  |>^ E9 51FFFFFF \JMP WaGan.004073FF
004074AE  |>  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004074B1  |.  8A51 2C    MOV DL,BYTE PTR DS:[ECX+2C]
004074B4  |.  0255 08    ADD DL,BYTE PTR SS:[EBP+8]
004074B7  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
004074BA  |.  8850 2C    MOV BYTE PTR DS:[EAX+2C],DL
004074BD  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]
004074C0  |.  33D2       XOR EDX,EDX
004074C2  |.  8A51 2C    MOV DL,BYTE PTR DS:[ECX+2C]
004074C5  |.  83FA FF    CMP EDX,-1
004074C8  |.  72 07       JB SHORT WaGan.004074D1
004074CA  |.  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
004074CD  |.  C640 2D FF MOV BYTE PTR DS:[EAX+2D],0FF
004074D1  |>  837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
004074D5  |.  0F84 C0000000 JE WaGan.0040759B
004074DB  |.  E8 42440000 CALL WaGan.0040B922
004074E0  |.  85C0       TEST EAX,EAX
004074E2  |.  74 14       JE SHORT WaGan.004074F8
004074E4  |.  6A 00       PUSH 0                                  ; /Arg4 = 00000000
004074E6  |.  6A 00       PUSH 0                                  ; |Arg3 = 00000000
004074E8  |.  6A 0B       PUSH 0B                               ; |Arg2 = 0000000B
004074EA  |.  8B4D F4    MOV ECX,DWORD PTR SS:[EBP-C]          ; |
004074ED  |.  51          PUSH ECX                               ; |Arg1
004074EE  |.  B9 F05D4B00 MOV ECX,WaGan.004B5DF0                ; |
004074F3  |.  E8 97020500 CALL WaGan.0045778F                   ; \WaGan.0045778F
004074F8  |>  6A 01       PUSH 1                                  ; /Arg2 = 00000001
004074FA  |.  6A 0B       PUSH 0B                               ; |Arg1 = 0000000B
004074FC  |.  B9 B0694B00 MOV ECX,WaGan.004B69B0                ; |
00407501  |.  E8 74D10600 CALL WaGan.0047467A                   ; \WaGan.0047467A
00407506  |.  8B55 E8    MOV EDX,DWORD PTR SS:[EBP-18]
00407509  |.  33C0       XOR EAX,EAX
0040750B  |.  8A42 2C    MOV AL,BYTE PTR DS:[EDX+2C]
0040750E  |.  50          PUSH EAX                               ; /Arg4
0040750F  |.  8B4D E8    MOV ECX,DWORD PTR SS:[EBP-18]          ; |
00407512  |.  83C1 08    ADD ECX,8                               ; |
00407515  |.  51          PUSH ECX                               ; |Arg3
00407516  |.  68 50B14800 PUSH WaGan.0048B150                   ; |Arg2 = 0048B150
0040751B  |.  6A 02       PUSH 2                                  ; |Arg1 = 00000002
0040751D  |.  E8 77810200 CALL WaGan.0042F699                   ; \WaGan.0042F699
00407522  |.  83C4 10    ADD ESP,10
00407525  |.  C645 F8 00 MOV BYTE PTR SS:[EBP-8],0
00407529  |.  EB 09       JMP SHORT WaGan.00407534
0040752B  |>  8A55 F8    /MOV DL,BYTE PTR SS:[EBP-8]
0040752E  |.  80C2 01    |ADD DL,1
00407531  |.  8855 F8    |MOV BYTE PTR SS:[EBP-8],DL
00407534  |>  8B45 F8       MOV EAX,DWORD PTR SS:[EBP-8]
00407537  |.  25 FF000000 |AND EAX,0FF
0040753C  |.  83F8 44    |CMP EAX,44
0040753F  |.  7D 5A       |JGE SHORT WaGan.0040759B
00407541  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
00407544  |.  33D2       |XOR EDX,EDX
00407546  |.  8A51 2B    |MOV DL,BYTE PTR DS:[ECX+2B]
00407549  |.  52          |PUSH EDX                               ; /Arg1
0040754A  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]          ; |
0040754D  |.  81E1 FF000000 |AND ECX,0FF                            ; |
00407553  |.  6BC9 46    |IMUL ECX,ECX,46                      ; |
00407556  |.  81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0                ; |
0040755C  |.  E8 1F200000 |CALL WaGan.00409580                   ; \WaGan.00409580
00407561  |.  25 FF000000 |AND EAX,0FF
00407566  |.  8B4D E8    |MOV ECX,DWORD PTR SS:[EBP-18]
00407569  |.  33D2       |XOR EDX,EDX
0040756B  |.  8A51 2C    |MOV DL,BYTE PTR DS:[ECX+2C]
0040756E  |.  3BC2       |CMP EAX,EDX
00407570  |.  75 27       |JNZ SHORT WaGan.00407599
00407572  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]
00407575  |.  81E1 FF000000 |AND ECX,0FF
0040757B  |.  6BC9 46    |IMUL ECX,ECX,46
0040757E  |.  81C1 C0F44A00 |ADD ECX,WaGan.004AF4C0
00407584  |.  E8 87810500 |CALL WaGan.0045F710
00407589  |.  50          |PUSH EAX                               ; /Arg3
0040758A  |.  68 60B14800 |PUSH WaGan.0048B160                   ; |Arg2 = 0048B160
0040758F  |.  6A 02       |PUSH 2                               ; |Arg1 = 00000002
00407591  |.  E8 03810200 |CALL WaGan.0042F699                   ; \WaGan.0042F699
00407596  |.  83C4 0C    |ADD ESP,0C
00407599  |>^ EB 90       \JMP SHORT WaGan.0040752B
0040759B  |>  8B45 E8    MOV EAX,DWORD PTR SS:[EBP-18]
0040759E  |.  8A40 2C    MOV AL,BYTE PTR DS:[EAX+2C]
004075A1  |.  8BE5       MOV ESP,EBP
004075A3  |.  5D          POP EBP
004075A4  \.  C2 0800    RETN 8

[广告] 安装Alexa工具条，提高轩辕排名，支持轩辕发展！


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#58

发表于 2007-12-30 21:44 资料个人空间短消息只看该作者

08指令研究

00426B35  /$  55          PUSH EBP
00426B36  |.  8BEC       MOV EBP,ESP
00426B38  |.  68 00040000 PUSH 400                               ; /Flags = MF_BYPOSITION|MF_ENABLED|MF_STRING
00426B3D  |.  6A 01       PUSH 1                                  ; |ItemID = 1
00426B3F  |.  A1 686A4B00 MOV EAX,DWORD PTR DS:[4B6A68]          ; |
00426B44  |.  50          PUSH EAX                               ; |/hWnd => 00170296 ('Ekd5',class='Ekd5')
00426B45  |.  FF15 58624800 CALL DWORD PTR DS:[<&USER32.GetMenu>] ; |\GetMenu
00426B4B  |.  50          PUSH EAX                               ; |hMenu
00426B4C  |.  FF15 5C624800 CALL DWORD PTR DS:[<&USER32.GetMenuState>; \GetMenuState
00426B52  |.  83E0 01    AND EAX,1
00426B55  |.  85C0       TEST EAX,EAX
00426B57  |.  74 0A       JE SHORT Ekd5.00426B63
00426B59  |.  837D 08 00 CMP DWORD PTR SS:[EBP+8],0
00426B5D  |.  75 02       JNZ SHORT Ekd5.00426B61
00426B5F  |.  EB 40       JMP SHORT Ekd5.00426BA1
00426B61  |>  EB 08       JMP SHORT Ekd5.00426B6B
00426B63  |>  837D 08 01 CMP DWORD PTR SS:[EBP+8],1
00426B67  |.  75 02       JNZ SHORT Ekd5.00426B6B
00426B69  |.  EB 36       JMP SHORT Ekd5.00426BA1
00426B6B  |>  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]       //JMP 426b77
00426B6E  |.  51          PUSH ECX                               ; /Arg1
00426B6F  |.  E8 48EE0400 CALL Ekd5.004759BC                      ; \Ekd5.004759BC       这个地方就是
00426B74  |.  83C4 04    ADD ESP,4
00426B77  |.  B9 386F4900 MOV ECX,Ekd5.00496F38
00426B7C  |.  E8 2335FFFF CALL Ekd5.0041A0A4
00426B81  |.  85C0       TEST EAX,EAX
00426B83  |.  75 1C       JNZ SHORT Ekd5.00426BA1
00426B85  |.  837D 08 00 CMP DWORD PTR SS:[EBP+8],0
00426B89  |.  74 0C       JE SHORT Ekd5.00426B97
00426B8B  |.  B9 386F4900 MOV ECX,Ekd5.00496F38
00426B90  |.  E8 5E35FFFF CALL Ekd5.0041A0F3
00426B95  |.  EB 0A       JMP SHORT Ekd5.00426BA1
00426B97  |>  B9 386F4900 MOV ECX,Ekd5.00496F38
00426B9C  |.  E8 1F35FFFF CALL Ekd5.0041A0C0
00426BA1  |>  5D          POP EBP
00426BA2  \.  C3          RETN

0041431E  /$  55          PUSH EBP
0041431F  |.  8BEC       MOV EBP,ESP
00414321  |.  51          PUSH ECX
00414322  |.  6A 2E       PUSH 2E                               ; /Arg1 = 0000002E
00414324  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00414327  |.  E8 CB400000 CALL Ekd5.004183F7                      ; \Ekd5.004183F7
0041432C  |.  66:8945 FC MOV WORD PTR SS:[EBP-4],AX
00414330  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00414333  |.  25 FFFF0000 AND EAX,0FFFF
00414338  |.  3D 00800000 CMP EAX,8000
0041433D  |.  75 07       JNZ SHORT Ekd5.00414346
0041433F  |.  B8 05000000 MOV EAX,5
00414344  |.  EB 17       JMP SHORT Ekd5.0041435D
00414346  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
00414349  |.  81E1 FFFF0000 AND ECX,0FFFF
0041434F  |.  51          PUSH ECX                               ; /Arg1
00414350  |.  E8 03850100 CALL Ekd5.0042C858                      ; \Ekd5.0042C858
00414355  |.  83C4 04    ADD ESP,4
00414358  |.  B8 01000000 MOV EAX,1
0041435D  |>  8BE5       MOV ESP,EBP
0041435F  |.  5D          POP EBP
00414360  \.  C3          RETN

0042C858  /$  55          PUSH EBP
0042C859  |.  8BEC       MOV EBP,ESP
0042C85B  |.  8B45 08    MOV EAX,DWORD PTR SS:[EBP+8]
0042C85E  |.  50          PUSH EAX                               ; /Arg1
0042C85F  |.  B9 70074B00 MOV ECX,Ekd5.004B0770                   ; |
0042C864  |.  E8 0E0AFEFF CALL Ekd5.0040D277                      ; \Ekd5.0040D277
0042C869  |.  B9 3CC64A00 MOV ECX,Ekd5.004AC63C
0042C86E  |.  E8 3DF0FDFF CALL Ekd5.0040B8B0
0042C873  |.  25 FF000000 AND EAX,0FF
0042C878  |.  83F8 02    CMP EAX,2
0042C87B  |.  75 0C       JNZ SHORT Ekd5.0042C889
0042C87D  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
0042C880  |.  51          PUSH ECX                               ; /Arg1
0042C881  |.  E8 18CFFFFF CALL Ekd5.0042979E                      ; \Ekd5.0042979E
0042C886  |.  83C4 04    ADD ESP,4
0042C889  |>  33C0       XOR EAX,EAX
0042C88B  |.  5D          POP EBP
0042C88C  \.  C3          RETN

0042979E  /$  55          PUSH EBP
0042979F  |.  8BEC       MOV EBP,ESP
004297A1  |.  E8 FDD3FFFF CALL Ekd5.00426BA3
004297A6  |.  5D          POP EBP
004297A7  \.  C3          RETN

00426BA3  /$  55          PUSH EBP
00426BA4  |.  8BEC       MOV EBP,ESP
00426BA6  |.  E8 E25C0000 CALL Ekd5.0042C88D
00426BAB  |.  50          PUSH EAX                               ; /Arg1
00426BAC  |.  E8 84FFFFFF CALL Ekd5.00426B35                      ; \Ekd5.00426B35
00426BB1  |.  83C4 04    ADD ESP,4
00426BB4  |.  5D          POP EBP
00426BB5  \.  C3          RETN

08指令410A9D
00410A9D  |> \8B55 F8    MOV EDX,DWORD PTR SS:[EBP-8]
00410AA0  |.  52          PUSH EDX                               ; /Arg1
00410AA1  |.  E8 78380000 CALL Ekd5.0041431E                      ; \Ekd5.0041431E
00410AA6  |.  83C4 04    ADD ESP,4
00410AA9  |.  E9 7D060000 JMP Ekd5.0041112B

[广告] 《精忠报国岳飞传完整版》火热发布


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#59

发表于 2007-12-30 21:44 资料个人空间短消息只看该作者

08 剧本指令修改

08 剧本指令，菜单选择，可以增加另外一个参数控制是否可选择存档按钮。
现在这个剧本指令有一个参数，选择false是不会出现存档按钮的选择，但是鼠标消息也受到影响，我追终了下，发现有个地方可以处理下。
0041431E  /$  55          PUSH EBP
0041431F  |.  8BEC       MOV EBP,ESP
00414321  |.  51          PUSH ECX
00414322  |.  6A 2E       PUSH 2E                         ; /Arg1 = 0000002E
00414324  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]          ; |
00414327  |.  E8 CB400000 CALL 复件_(2).004183F7          ; \复件_(2).004183F7
0041432C  |.  66:8945 FC MOV WORD PTR SS:[EBP-4],AX
00414330    6A 26       PUSH 26
00414332    8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00414335    E8 BD400000 CALL 复件_(2).004183F7
0041433A    66:8945 F8 MOV WORD PTR SS:[EBP-8],AX
0041433E    FF75 F8    PUSH DWORD PTR SS:[EBP-8]
00414341    FF75 FC    PUSH DWORD PTR SS:[EBP-4]
00414344    E8 0F850100 CALL 复件_(2).0042C858
00414349    83C4 04    ADD ESP,4
0041434C    B8 01000000 MOV EAX,1
00414351    8BE5       MOV ESP,EBP
00414353    5D          POP EBP
00414354    C3          RETN
加了一个 26的参数。来判断是否处理.
0042C858  /$  55          PUSH EBP
…………………………………………………………
0042C881 JMP 0041856A
0042C886  |.  83C4 04    ADD ESP,4
0042C889  |>  33C0       XOR EAX,EAX
0042C88B  |.  5D          POP EBP
0042C88C  \.  C3          RETN
(跳转到41856A，我找到的一个空闲空间,  原指令 CALL Ekd5.0042979E)
不过 0042979E这个函数只有这里调用到它，而它本身又没有什么用，建议去掉算了。
看看他的内容就知道了
0042979E  /$  55          PUSH EBP
0042979F  |.  8BEC       MOV EBP,ESP
004297A1  |.  E8 FDD3FFFF CALL Ekd5.00426BA3
004297A6  |.  5D          POP EBP
004297A7  \.  C3          RETN
------直接Call 00426BA3就好了
0041856A    8B45 0C    MOV EAX,DWORD PTR SS:[EBP+C]
0041856D    85C0       TEST EAX,EAX
0041856F    0F84 14430100 JE 复件_(2).0042C889
00418575    E8 29E60000 CALL 复件_(2).00426BA3
0041857A    E9 07430100 JMP 复件_(2).0042C886
判断第二个参数，根据他的值0还是1决定是否Call 00426BA3

[广告] 真诚支持说岳，携手共创辉煌


	岱瀛 (deving)


	长平侯川峡东路经略使监管使

组别	经略使
级别	左将军
好贴	1
功绩	2293
帖子	1370
编号	55810
注册	2005-12-22
来自	人间
家族	慕容世家

#60

发表于 2007-12-30 21:45 资料个人空间短消息只看该作者

4a指令

00415D92  /.  55          PUSH EBP
00415D93  |.  8BEC       MOV EBP,ESP
00415D95  |.  83EC 08    SUB ESP,8
00415D98  |.  6A 04       PUSH 4
00415D9A  |.  8B4D 08    MOV ECX,DWORD PTR SS:[EBP+8]
00415D9D  |.  E8 55260000 CALL WaGan1.004183F7
00415DA2  |.  8945 FC    MOV DWORD PTR SS:[EBP-4],EAX
00415DA5  |.  817D FC 00000>CMP DWORD PTR SS:[EBP-4],80000000
00415DAC  |.  75 07       JNZ SHORT WaGan1.00415DB5
00415DAE  |.  B8 05000000 MOV EAX,5
00415DB3  |.  EB 78       JMP SHORT WaGan1.00415E2D
00415DB5  |>  837D FC 00 CMP DWORD PTR SS:[EBP-4],0
00415DB9  |.  75 07       JNZ SHORT WaGan1.00415DC2
00415DBB  |.  C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
00415DC2  |>  C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
00415DC9  |.  EB 09       JMP SHORT WaGan1.00415DD4
00415DCB  |>  8B45 F8    /MOV EAX,DWORD PTR SS:[EBP-8]
00415DCE  |.  83C0 01    |ADD EAX,1
00415DD1  |.  8945 F8    |MOV DWORD PTR SS:[EBP-8],EAX
00415DD4  |>  837D F8 06    CMP DWORD PTR SS:[EBP-8],6a
00415DD8  |.  73 16       |JNB SHORT WaGan1.00415DF0
00415DDA  |.  6A 38       |PUSH 38
00415DDC  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
00415DDF  |.  E8 13260000 |CALL WaGan1.004183F7
00415DE4  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]
00415DE7  |.  89048D F0094B>|MOV DWORD PTR DS:[ECX*4+4B09F0],EAX
00415DEE  |.^ EB DB       \JMP SHORT WaGan1.00415DCB
00415DF0  |>  C745 F8 01000>MOV DWORD PTR SS:[EBP-8],1
00415DF7  |.  EB 09       JMP SHORT WaGan1.00415E02
00415DF9  |>  8B55 F8    /MOV EDX,DWORD PTR SS:[EBP-8]
00415DFC  |.  83C2 01    |ADD EDX,1
00415DFF  |.  8955 F8    |MOV DWORD PTR SS:[EBP-8],EDX
00415E02  |>  837D F8 05    CMP DWORD PTR SS:[EBP-8],5
00415E06  |.  73 16       |JNB SHORT WaGan1.00415E1E
00415E08  |.  6A 39       |PUSH 39
00415E0A  |.  8B4D 08    |MOV ECX,DWORD PTR SS:[EBP+8]
00415E0D  |.  E8 E5250000 |CALL WaGan1.004183F7
00415E12  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]
00415E15  |.  89048D 040A4B>|MOV DWORD PTR DS:[ECX*4+4B0A04],EAX
00415E1C  |.^ EB DB       \JMP SHORT WaGan1.00415DF9
00415E1E  |>  B9 902F4900 MOV ECX,WaGan1.00492F90
00415E23  |.  E8 42270000 CALL WaGan1.0041856A
00415E28  |.  B8 01000000 MOV EAX,1
00415E2D  |>  8BE5       MOV ESP,EBP
00415E2F  |.  5D          POP EBP
00415E30  \.  C3          RETN

00415E1E  |> \B9 902F4900       MOV ECX,WaGan1.00492F90
00415E23  |.  E8 42270000       CALL WaGan1.0041856A
00415E28  |.  B8 01000000       MOV EAX,1
00415E2D  |>  8BE5             MOV ESP,EBP
00415E2F  |.  5D                POP EBP
00415E30  \.  C3                RETN

0041856A  /$  55          PUSH EBP
0041856B  |.  8BEC       MOV EBP,ESP
0041856D  |.  83EC 20    SUB ESP,20
00418570  |.  894D E0    MOV DWORD PTR SS:[EBP-20],ECX
00418573  |.  C645 FC 00 MOV BYTE PTR SS:[EBP-4],0
00418577  |.  C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
0041857B  |.  EB 08       JMP SHORT WaGan1.00418585
0041857D  |>  8A45 F4    /MOV AL,BYTE PTR SS:[EBP-C]
00418580  |.  04 01       |ADD AL,1
00418582  |.  8845 F4    |MOV BYTE PTR SS:[EBP-C],AL
00418585  |>  8B4D F4       MOV ECX,DWORD PTR SS:[EBP-C]
00418588  |.  81E1 FF000000 |AND ECX,0FF
0041858E  |.  83F9 06    |CMP ECX,6
00418591  |.  7D 17       |JGE SHORT WaGan1.004185AA
00418593  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
00418596  |.  81E2 FF000000 |AND EDX,0FF
0041859C  |.  833C95 040A4B>|CMP DWORD PTR DS:[EDX*4+4B0A04],0
004185A4  |.  75 02       |JNZ SHORT WaGan1.004185A8
004185A6  |.  EB 02       |JMP SHORT WaGan1.004185AA
004185A8  |>^ EB D3       \JMP SHORT WaGan1.0041857D
004185AA  |>  8B45 F4    MOV EAX,DWORD PTR SS:[EBP-C]
004185AD  |.  25 FF000000 AND EAX,0FF
004185B2  |.  83F8 06    CMP EAX,6
004185B5  |.  75 1D       JNZ SHORT WaGan1.004185D4
004185B7  |.  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004185BA  |.  81E1 FF000000 AND ECX,0FF
004185C0  |.  C7048D E05E4B>MOV DWORD PTR DS:[ECX*4+4B5EE0],0D60000
004185CB  |.  8A55 FC    MOV DL,BYTE PTR SS:[EBP-4]
004185CE  |.  80C2 01    ADD DL,1
004185D1  |.  8855 FC    MOV BYTE PTR SS:[EBP-4],DL
004185D4  |>  C645 F4 00 MOV BYTE PTR SS:[EBP-C],0
004185D8  |.  EB 08       JMP SHORT WaGan1.004185E2
004185DA  |>  8A45 F4    /MOV AL,BYTE PTR SS:[EBP-C]
004185DD  |.  04 01       |ADD AL,1
004185DF  |.  8845 F4    |MOV BYTE PTR SS:[EBP-C],AL
004185E2  |>  8B4D F4       MOV ECX,DWORD PTR SS:[EBP-C]
004185E5  |.  81E1 FF000000 |AND ECX,0FF
004185EB  |.  83F9 06    |CMP ECX,6
004185EE  |.  7D 7A       |JGE SHORT WaGan1.0041866A
004185F0  |.  8B55 F4    |MOV EDX,DWORD PTR SS:[EBP-C]
004185F3  |.  81E2 FF000000 |AND EDX,0FF
004185F9  |.  833C95 F0094B>|CMP DWORD PTR DS:[EDX*4+4B09F0],0
00418601  |.  74 62       |JE SHORT WaGan1.00418665
00418603  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00418606  |.  25 FF000000 |AND EAX,0FF
0041860B  |.  813C85 F0094B>|CMP DWORD PTR DS:[EAX*4+4B09F0],0FFFF
00418616  |.  74 4D       |JE SHORT WaGan1.00418665
00418618  |.  8B4D F4    |MOV ECX,DWORD PTR SS:[EBP-C]
0041861B  |.  81E1 FF000000 |AND ECX,0FF
00418621  |.  8B148D F0094B>|MOV EDX,DWORD PTR DS:[ECX*4+4B09F0]
00418628  |.  52          |PUSH EDX                               ; /Arg1
00418629  |.  E8 621B0000 |CALL WaGan1.0041A190                   ; \WaGan1.0041A190
0041862E  |.  83C4 04    |ADD ESP,4
00418631  |.  85C0       |TEST EAX,EAX
00418633  |.  74 30       |JE SHORT WaGan1.00418665
00418635  |.  8B45 F4    |MOV EAX,DWORD PTR SS:[EBP-C]
00418638  |.  25 FF000000 |AND EAX,0FF
0041863D  |.  8B0C85 F0094B>|MOV ECX,DWORD PTR DS:[EAX*4+4B09F0]
00418644  |.  6BC9 48    |IMUL ECX,ECX,48
00418647  |.  81C1 0000D600 |ADD ECX,0D60000
0041864D  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00418650  |.  81E2 FF000000 |AND EDX,0FF
00418656  |.  890C95 E05E4B>|MOV DWORD PTR DS:[EDX*4+4B5EE0],ECX
0041865D  |.  8A45 FC    |MOV AL,BYTE PTR SS:[EBP-4]
00418660  |.  04 01       |ADD AL,1
00418662  |.  8845 FC    |MOV BYTE PTR SS:[EBP-4],AL
00418665  |>^ E9 70FFFFFF \JMP WaGan1.004185DA
0041866A  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
0041866D  |.  81E1 FF000000 AND ECX,0FF
00418673  |.  C7048D E05E4B>MOV DWORD PTR DS:[ECX*4+4B5EE0],0
0041867E  |.  33D2       XOR EDX,EDX
00418680  |.  8A15 EC094B00 MOV DL,BYTE PTR DS:[4B09EC]
00418686  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
00418689  |.  25 FF000000 AND EAX,0FF
0041868E  |.  3BD0       CMP EDX,EAX
00418690  |.  7D 09       JGE SHORT WaGan1.0041869B
00418692  |.  8A4D FC    MOV CL,BYTE PTR SS:[EBP-4]
00418695  |.  880D EC094B00 MOV BYTE PTR DS:[4B09EC],CL
0041869B  |>  33D2       XOR EDX,EDX
0041869D  |.  8A15 EC094B00 MOV DL,BYTE PTR DS:[4B09EC]
004186A3  |.  8B45 FC    MOV EAX,DWORD PTR SS:[EBP-4]
004186A6  |.  25 FF000000 AND EAX,0FF
004186AB  |.  3BD0       CMP EDX,EAX
004186AD  |.  75 0C       JNZ SHORT WaGan1.004186BB
004186AF  |.  C745 F8 E05E4>MOV DWORD PTR SS:[EBP-8],WaGan1.004B5EE0
004186B6  |.  E9 30010000 JMP WaGan1.004187EB
004186BB  |>  8B4D FC    MOV ECX,DWORD PTR SS:[EBP-4]
004186BE  |.  81E1 FF000000 AND ECX,0FF
004186C4  |.  894D EC    MOV DWORD PTR SS:[EBP-14],ECX
004186C7  |.  C745 E8 00000>MOV DWORD PTR SS:[EBP-18],0
004186CE  |.  EB 09       JMP SHORT WaGan1.004186D9
004186D0  |>  8B55 E8    /MOV EDX,DWORD PTR SS:[EBP-18]
004186D3  |.  83C2 01    |ADD EDX,1
004186D6  |.  8955 E8    |MOV DWORD PTR SS:[EBP-18],EDX
004186D9  |>  817D E8 00040> CMP DWORD PTR SS:[EBP-18],400
004186E0  |.  0F83 E9000000 |JNB WaGan1.004187CF
004186E6  |.  8B45 E8    |MOV EAX,DWORD PTR SS:[EBP-18]
004186E9  |.  50          |PUSH EAX                               ; /Arg1
004186EA  |.  E8 A11A0000 |CALL WaGan1.0041A190                   ; \WaGan1.0041A190
004186EF  |.  83C4 04    |ADD ESP,4
004186F2  |.  85C0       |TEST EAX,EAX
004186F4  |.  0F84 BC000000 |JE WaGan1.004187B6
004186FA  |.  C645 E4 00 |MOV BYTE PTR SS:[EBP-1C],0
004186FE  |.  EB 09       |JMP SHORT WaGan1.00418709
00418700  |>  8A4D E4    |/MOV CL,BYTE PTR SS:[EBP-1C]
00418703  |.  80C1 01    ||ADD CL,1
00418706  |.  884D E4    ||MOV BYTE PTR SS:[EBP-1C],CL
00418709  |>  8B55 E4    | MOV EDX,DWORD PTR SS:[EBP-1C]
0041870C  |.  81E2 FF000000 ||AND EDX,0FF
00418712  |.  833C95 E05E4B>||CMP DWORD PTR DS:[EDX*4+4B5EE0],0
0041871A  |.  74 1D       ||JE SHORT WaGan1.00418739
0041871C  |.  8B45 E4    ||MOV EAX,DWORD PTR SS:[EBP-1C]
0041871F  |.  25 FF000000 ||AND EAX,0FF
00418724  |.  8B0C85 E05E4B>||MOV ECX,DWORD PTR DS:[EAX*4+4B5EE0]
0041872B  |.  E8 D00DFFFF ||CALL WaGan1.00409500
00418730  |.  3B45 E8    ||CMP EAX,DWORD PTR SS:[EBP-18]
00418733  |.  75 02       ||JNZ SHORT WaGan1.00418737
00418735  |.  EB 02       ||JMP SHORT WaGan1.00418739
00418737  |>^ EB C7       |\JMP SHORT WaGan1.00418700
00418739  |>  8B4D E4    |MOV ECX,DWORD PTR SS:[EBP-1C]
0041873C  |.  81E1 FF000000 |AND ECX,0FF
00418742  |.  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
00418745  |.  81E2 FF000000 |AND EDX,0FF
0041874B  |.  3BCA       |CMP ECX,EDX
0041874D  |.  75 67       |JNZ SHORT WaGan1.004187B6
0041874F  |.  C645 E4 00 |MOV BYTE PTR SS:[EBP-1C],0
00418753  |.  EB 08       |JMP SHORT WaGan1.0041875D
00418755  |>  8A45 E4    |/MOV AL,BYTE PTR SS:[EBP-1C]
00418758  |.  04 01       ||ADD AL,1
0041875A  |.  8845 E4    ||MOV BYTE PTR SS:[EBP-1C],AL
0041875D  |>  8B4D E4    | MOV ECX,DWORD PTR SS:[EBP-1C]
00418760  |.  81E1 FF000000 ||AND ECX,0FF
00418766  |.  83F9 05    ||CMP ECX,5
00418769  |.  7D 19       ||JGE SHORT WaGan1.00418784
0041876B  |.  8B55 E4    ||MOV EDX,DWORD PTR SS:[EBP-1C]
0041876E  |.  81E2 FF000000 ||AND EDX,0FF
00418774  |.  8B0495 040A4B>||MOV EAX,DWORD PTR DS:[EDX*4+4B0A04]
0041877B  |.  3B45 E8    ||CMP EAX,DWORD PTR SS:[EBP-18]
0041877E  |.  75 02       ||JNZ SHORT WaGan1.00418782
00418780  |.  EB 02       ||JMP SHORT WaGan1.00418784
00418782  |>^ EB D1       |\JMP SHORT WaGan1.00418755
00418784  |>  8B4D E4    |MOV ECX,DWORD PTR SS:[EBP-1C]
00418787  |.  81E1 FF000000 |AND ECX,0FF
0041878D  |.  83F9 05    |CMP ECX,5
00418790  |.  75 24       |JNZ SHORT WaGan1.004187B6
00418792  |.  8B55 E8    |MOV EDX,DWORD PTR SS:[EBP-18]
00418795  |.  6BD2 48    |IMUL EDX,EDX,48
00418798  |.  81C2 0000D600 |ADD EDX,0D60000
0041879E  |.  8B45 FC    |MOV EAX,DWORD PTR SS:[EBP-4]
004187A1  |.  25 FF000000 |AND EAX,0FF
004187A6  |.  891485 E05E4B>|MOV DWORD PTR DS:[EAX*4+4B5EE0],EDX
004187AD  |.  8A4D FC    |MOV CL,BYTE PTR SS:[EBP-4]
004187B0  |.  80C1 01    |ADD CL,1
004187B3  |.  884D FC    |MOV BYTE PTR SS:[EBP-4],CL
004187B6  |>  8B55 FC    |MOV EDX,DWORD PTR SS:[EBP-4]
004187B9  |.  81E2 FF000000 |AND EDX,0FF
004187BF  |.  C70495 E05E4B>|MOV DWORD PTR DS:[EDX*4+4B5EE0],0
004187CA  |.^ E9 01FFFFFF \JMP WaGan1.004186D0
004187CF  |>  33C0       XOR EAX,EAX
004187D1  |.  A0 EC094B00 MOV AL,BYTE PTR DS:[4B09EC]
004187D6  |.  50          PUSH EAX                               ; /Arg3
004187D7  |.  8B4D EC    MOV ECX,DWORD PTR SS:[EBP-14]          ; |
004187DA  |.  51          PUSH ECX                               ; |Arg2
004187DB  |.  68 E05E4B00 PUSH WaGan1.004B5EE0                   ; |Arg1 = 004B5EE0
004187E0  |.  E8 CE5E0400 CALL WaGan1.0045E6B3                   ; \WaGan1.0045E6B3
004187E5  |.  83C4 0C    ADD ESP,0C
004187E8  |.  8945 F8    MOV DWORD PTR SS:[EBP-8],EAX
004187EB  |>  C645 F0 00 MOV BYTE PTR SS:[EBP-10],0
004187EF  |.  EB 09       JMP SHORT WaGan1.004187FA
004187F1  |>  8A55 F0    /MOV DL,BYTE PTR SS:[EBP-10]
004187F4  |.  80C2 01    |ADD DL,1
004187F7  |.  8855 F0    |MOV BYTE PTR SS:[EBP-10],DL
004187FA  |>  8B45 F0       MOV EAX,DWORD PTR SS:[EBP-10]
004187FD  |.  25 FF000000 |AND EAX,0FF
00418802  |.  8B4D F8    |MOV ECX,DWORD PTR SS:[EBP-8]
00418805  |.  833C81 00    |CMP DWORD PTR DS:[ECX+EAX*4],0
00418809  |.  74 26       |JE SHORT WaGan1.00418831
0041880B  |.  8B55 F0    |MOV EDX,DWORD PTR SS:[EBP-10]
0041880E  |.  81E2 FF000000 |AND EDX,0FF
00418814  |.  8B45 F8    |MOV EAX,DWORD PTR SS:[EBP-8]
00418817  |.  8B0C90       |MOV ECX,DWORD PTR DS:[EAX+EDX*4]
0041881A  |.  E8 E10CFFFF |CALL WaGan1.00409500
0041881F  |.  8B4D F0    |MOV ECX,DWORD PTR SS:[EBP-10]
00418822  |.  81E1 FF000000 |AND ECX,0FF
00418828  |.  89048D 50B348>|MOV DWORD PTR DS:[ECX*4+48B350],EAX
0041882F  |.^ EB C0       \JMP SHORT WaGan1.004187F1
00418831  |>  8B55 F0    MOV EDX,DWORD PTR SS:[EBP-10]
00418834  |.  81E2 FF000000 AND EDX,0FF
0041883A  |.  C70495 50B348>MOV DWORD PTR DS:[EDX*4+48B350],0FFFF
00418845  |.  8B45 F0    MOV EAX,DWORD PTR SS:[EBP-10]
00418848  |.  25 FF000000 AND EAX,0FF
0041884D  |.  33C9       XOR ECX,ECX
0041884F  |.  85C0       TEST EAX,EAX
00418851  |.  0F9FC1       SETG CL
00418854  |.  8BC1       MOV EAX,ECX
00418856  |.  8BE5       MOV ESP,EBP
00418858  |.  5D          POP EBP
00418859  \.  C3          RETN

[广告] 真诚支持说岳，携手共创辉煌

打印 \| 推荐 \| 订阅 \| 收藏 \| 开通个人空间 \| 加入资讯标题: 解读KOEI曹操传代码, 好久米更新，又不太想更新，就贴些旧笔记吧并先祝大家2008快乐
本帖已经被作者加入个人空间